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Your brain on Servlets. Here you are trying to learn something, while here 
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Why use Servlets & JSPs 

Web applications are hot. How many GUI apps do you know that are used by 
millions of users worldwide? As a web app developer, you can free yourself from the grip 


of deployment problems all standalone apps have, and deliver your app to anyone with a 



browser. But you need servlets and JSPs. Because plain old static HTML pages are so, 
well, 1999. Learn to move from web site to web app. 
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Servlets Demystified: write, deploy, and run a servlet 30 

JSP is what happened when somebody introduced Java to HTML 34 
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Web app architecture 

Servlets need help. When a request comes in, somebody has to instantiate 
the servlet or at least allocate a thread to handle the request. Somebody has to call the 
servlet’s doPost() or doGet() method. Somebody has to get the request and the response 
to the servlet. Somebody has to manage the life, death, and resources of the servlet. In 
this chapter, we’ll look at the Container, and we’ll take a first look at the MVC pattern. 
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Mini MVC tutorial 

Create and deploy an MVC web app. It s time to get your hands dirty 
writing an HTML form, a servlet controller, a model (plain old Java class), an XML 
deployment descriptor, and a JSP view. Time to build it, deploy it, and test it. But first, you 
need to set up your development environment. Next, you need to set up your deployment 
environment following the servlet and JSP specs and Tomcat requirements. True, this is a 
small app... but there’s almost NO app that’s too small to use MVC. 



^~ 1 




WEB-INF 1 

<body> 

</body> 

</htxnl> 


%> 


form.html 



result.jsp 


This web-xml 
file MUST be 
IVEB-INF 


This package stvud-tuv-e is exactly wKai \we used 
in the developmen't envivonmen't- Unless yowVe 
deploy'mg y ol *v classes in a JAR (we’ll "bfk about 
that laiev- in -tKe book), then you MUST put the 
package divedWy stv-ud-tuve immediately undev- 
^EB-IKF/dlasses. 1 


Exam Objectives 

Let’s build an MVC application; the first design 
Create the development and deployment environments 
Create and test the HTML for the initial form page 
Create the Deployment Descriptor (DD) 

Create, compile, deploy, and test the controller servlet 
Design, build, and test the model component 
Enhance the controller to call the model 
Create and deploy the view component (it’s a JSP) 
Enhance the controller servlet to call the JSP 
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ashamed of... 


eing a Servlet 

lervlets need help. When a request A servlet's job is to take a client’s request 
and send back a response. The request might be simple: “get me the Welcome page." Or 
it might be complex: “Complete my shopping cart check-out." The request carries crucial 
data, and your servlet code has to know how to find it and how to use it And your servlet 
code has to know how to send a response. Or not... 
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Being a web app 

No Servlet stands alone. In today’s modern web app, many components 
work together to accomplish a goal. You have models, controllers, and views. You have 
parameters and attributes. You have helper classes. But how do you tie the pieces 


together? How do you let components share information? How do you hide information? 


How do you make information thread-safe? Your job may depend on the answers. 
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Conversational state 

Web servers have no short-term memory. As soon as they send you 

a response, they forget who you are. The next time you make a request, they don’t 
recognize you. They don’t remember what you’ve requested in the past, and they don’t 
remember what they’ve sent you in response. Nothing. But sometimes you need to keep 
conversational state with the client across multiple requests. A shopping cart wouldn’t 


work if the client had to make all his choices and then checkout in a single request. 



Exam Objectives 

It’s supposed to be a conversation, (how sessions work) 

Session IDs, cookies, and other session basics 

URL rewriting: something to fall back on 
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m w Being a JSP 

A JSP becomes 3 servlet. A servlet that you don’t create. The Container looks 
at your JSP, translates it into Java source code, and compiles it into a full-fledged Java 
servlet class. But you’ve got to know what happens when the code you write in the JSP 


is turned into Java code. You can write Java code in your JSP, but should you? And if 
not Java code, what do you write? How does it translate into Java code? We’ll look at 
six different kinds of JSP elements — each with its own purpose and, yes, unique syntax. 


You’ll learn how, why, and what to write in your JSP. And you’ll learn what not to write. 
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Exam Objectives 

Create a simple JSP using “out” and a page directive 
JSP expressions, variables, and declarations 
Time to see aJSP-generated servlet 
The out variable isn’t the only implicit object... 

The Lifecycle and initialization of a JSP 

While we’re on the subject... let’s talk more about the three directives 
Scriptlets considered harmful? Here’s EL 
But wait... we haven’t seen: actions 
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Script-free pages 

Lose the scripting. Do your web page designers really have to know Java? 

Do they expect server-side Java programmers to be, say, graphic designers? And even 


if it’s just you on the team, do you really want a pile of bits and pieces of Java code in 
your JSPs? Can you say, “maintenance nightmare ”？ Writing scriptless pages is not just 


possible, it’s become much easier and more flexible with the new JSP 2.0 spec, thanks 


Don't expect 
ME to strip out your 
redundant opening and 
closing tags. 


to the new Expression Language (EL). Patterned after JavaScript and XPATH, web 
designers feel right at home with EL, and you’ll like it too (once you get used to it). But 
there are some traps... EL looks like Java, but isn’t. Sometimes EL behaves differently 
than if you used the same syntax in Java, so pay attention! 
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① The Header file (“Header.jsp”) 
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We can help. 
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Custom tags are powerful 

Sometimes you need more than EL or standard actions, what if 

you want to loop through the data in an array, and display one item per row in an HTML 
table? You know you could write that in two seconds using a for loop in a scriptlet. But 
you’re trying to get away from scripting. No problem. When EL and standard actions 
aren’t enough, you can use custom tags. They’re as easy to use in a JSP as standard 
actions. Even better, someone’s already written a pile of the ones you’re most likely to 
need, and bundled them into the JSP Standard Tag Library (JSTL). In this chapter we’ll 
learn to use custom tags, and in the next chapter we’ll learn to create our own. 
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<table> 
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<c:forEach var="listElement" items="${movies }" > 


\ooY 


loop 


<c: forEach var= ^movie ^ items:" 彡 / "listiJlementJ " > 
<tr> <f\ 

<td>$ {movie}</td> 」 

</tr> 

</c:forEach 〉 


</c:forEach> 




</table> 
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http://localhost:8080/tesUSP 1 /Tesler.do 
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When even JSTL isn’t enough... 

Sometimes JSTL and standard actions aren’t enough, when you 

need something custom, and you don’t want to go back to scripting, you can write your 
own tag handlers. That way, your page designers can use your tag in their pages, while 
all the hard work is done behind the scenes in your tag handler class. But there are three 
different ways to build your own tag handlers, so there’s a lot to learn. Of the three, two 
were introduced with JSP 2.0 to make your life easier (Simple Tags and Tag Files). 
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Tag Files: like include, only better 

Where the Container looks for Tag Files 

Simple tag handlers 

A Simple tag with a body 

What if the tag body uses an expression? 

You still have to know about Classic tag handlers 
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Deploying your web app 

Finally, your web app is ready for prime time. Your pages are 

polished, your code is tested and tuned, and your deadline was two weeks ago. But 
where does everything go? So many directories, so many rules. What do you name your 


Reference to a local bean 


Uc ONPI ^ 




directories? What does the client think they’re named? What does the client actually 
request, and how does the Container know where to look? 


<ejb-local-ref> 

<ejb-ref-name>ejb/Customer</ejb-ref-name> 

<ejb-ref-type>Entity</ejb-ref-type> 

<local-home>com.wickedlysmart.CustomerHome</local-home> 
<local>com.wickedlysmart.Customer</local> 

</ejb-local-ref> 



& ⑽ r 


A LOCAL bean means the client (in 
this case, a servlet) and the bean 
must be running in the same JVM. 


Reference 1 


I remote bean 


<ejb-ref> 

<ejb-ref-name>ejb/LocalCustomer</ejb-ref-name> 
<ejb-ref-type>Entity</ejb-ref-type> v Servlet 

<home>com.wickedlysmart.CustomerHome</home> 
<remote>com .wickedlysmart.Customer</ remote 〉 
</ejb-ref> 
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Keep it secret, keep it safe 

Your Web app is in dsnger. Trouble lurks in every corner of the network. You 
don’t want the Bad Guys listening in to your online store transactions, picking off credit 


card numbers. You don’t want the Bad Guys convincing your server that they’re actually 
the Special Customers Who Get Big Discounts. And you don’t want anyone (good OR 


bad) looking at sensitive employee data. Does Jim in marketing really need to know that 
Lisa in engineering makes three times as much as he does? 


Top Ten Reasons to do 
your security declaratively 

⑩附 0 doesn ’t need more XML 
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The power of filters 

Filters let you intercept the request. And if you can intercept the request, 
you can also control the response. And best of all, the servlet remains clueless. It never 
knows that someone stepped in between the client request and the Container’s invocation 
of the servlet’s service 。 method. What does that mean to you? More vacations. Because 
the time you would have spent rewriting just one of your servlets can be spent instead 
writing and configuring a filter that has the ability to affect all of your servlets. Want to add 
user request tracking to every servlet in your app? No problem. Manipulate the output 
from every servlet in your app? No problem. And you don’t even have to touch the servlet. 


Filter7 1 
doFilter(r,r,c) > 


Filter3 I 
doFilter*(r ， ,c) \ 

the stack 

❻ 

The Container 
pushes Filter7's 
doFilterQ method 
on the top of the 
stack - where it 
executes until it 
reaches its chain. 
doFilterQ call. 



Filter7 

doFilter(r,r,c) 


Filter3 

doFilter(r,r,c), 

the stack 

❺ 

The Container 
pushes ServletA's 
service() method 
on the top of 
the stack where 
it executes to 
completion, and is 
then popped off 
the stack. 


Filter7 | 
doFilter(r,r,c) \ 

Filter3 ] 
doFilter( r,r,c) I 

the stack 

o 

The Container 
returns control to 
Filter/, where its 
doFilter() method 
completes and is 
then popped off. 


Filter3 ] 
ldoFilter(r\r,c ) 、 

the stack 

o 

The Container 
returns control to 
Filt6r3, where its 
doFilter() method 
completes, and is 
popped off. Then 
the Container 
completes the 
response. 
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Enterprise design patterns 

Someone has done this already. IfyouYejust starting to develop web 
applications in Java, you’re lucky. You get to exploit the collective wisdom of the tens 
of thousands of developers whoVe been down that road and got the t-shirt. Using both 
J2EE-specific and overdesign patterns, you can can simplify your code and your life. 
And the most significant design pattern for web apps, MVC, even has a wildly popular 
framework, Struts, that’ll help you craft a flexible, maintainable servlet Front Controller. 


You owe it to yourself to take advantage of everyone else’s work so that you can spend 
more time on the more important things in life... 


Struts in a 



Exam Objectives 738 

Hardware and software forces behind patterns 7 39 

Review of softweare design principles... 744 

Patterns to support remote model components 7 45 

Overview of JNDI and RMI 747 

The Business Delegate is a “go-between” 753 

Time for a Transfer Object? 759 

Business tier patterns: quick review 761 

Our very first pattern revisited... MVG 762 

Yes! It’s Stmts (and FrontGontroller) in a nutshell 767 

Refactoring the Beer app for Stmts 770 

Review of patterns 778 



c 办苓尹疙它 


The final Coffee Cram Mock Exam. This is it. 69 questions. The tone, 


topics, and difficulty level are all virtually identical to the real exam. We know. 


Final mock exam 791 

Answers 828 



Index 


865 


xviii 






how to use this book 


Intro 





如 W— : book?” 




XIX 









how to use this book 


Who is this book for? 

If you can answer “yes” to all of these: 

① Do you know how to program in Java (you don’t need 
to be a guru)? 

(2) Do you like to tinker - do you learn by doing, rather 
than just reading? Do you want to learn, understand, 
and remember servlets and JSPs, and pass the 
SCWCD for Java EE 1.5 exam? 

(§) Do you prefer stimulating dinner party conversation 
to dry, dull, academic lectures? 

this book is for you. 


Who should probably back away from this book? 

If you can answer “yes” to any of these: 

Are you completely new to Java? You don’t need to 
be an advanced programmer, but if you don’t have any 
experience, go pick up a copy of Head First Java, right 
now, and then come back to this book. 

(2) Are you a kick-butt Java programmer looking for a 
reference book? 

( 3 ) Are you a Java EE veteran looking for ultra-advanced 
server techniques, server-specific how-to's, enterprise 
architecture, and complex, robust, real-world code? 

/TN Are you afraid to try something different? Would 
you rather have a root canal than mix stripes with 
plaid? Do you believe that a technical book can’t be 
serious if Java components are anthropomorphized? 


this book is not for you. 
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the intro 


Wc know what you’re thinking. 


How can this be a serious programming book? 
What’s with all the graphics?” 

Can I actually learn it this way?” 





And m know what your brain h thinking. 

Your brain craves novelty. It’s always searching, scanning, waiting for 
something unusual. It was built that way, and it helps you stay alive. 

So what does your brain do with all the routine, ordinary, normal things 
you encounter? Everything it can to stop them from interfering with the 
brain’s real]oh — recording things that matter. It doesn’t bother saving 
the boring things; they never make it past the “this is obviously not 
important” filter. 

How does your brain know what’s important? Suppose you’re out for 
a day hike and a tiger jumps in front of you, what happens inside your 
head and body? 

Neurons fire. Emotions crank up. Chemicals surge. 

And that’s how your brain knows... 

This must be important! Don’t forget it! 

But imagine you’re at home, or in a library. It’s a safe, warm, tiger-free zone. \/ oVA y- ^ 

You’re studying. Getting ready for an exam. Or trying to learn some 
tough technical topic your boss thinks will take a week, ten days at 
the most. 

Just one problem. Your brain’s trying to do you a big favor. It’s trying 
to make sure that this obviously non-important content doesn’t clutter 
up scarce resources. Resources that are better spent storing the really 
big things. Like tigers. Like the danger of fire. Like how you should 
never again snowboard in shorts. 

And there’s no simple way to tell your brain, “Hey brain, thank you 
very much, but no matter how dull this book is, and how little I’m 
registering on the emotional Richter scale right now, I really do want 
you to keep this stuff around.” 
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Metacognition: thinking about thinking 


If you really want to learn, and you want to learn more quickly and more deeply, 
pay attention to how you pay attention. Think about how you think. Learn how you 
learn. 

Most of us did not take courses on metacognition or learning theory when we were 
growing up. We were expected to learn, but rarely taught to learn. 


I wonder how I 
can trick my brain 
into remembering 
this stuff... 



The trick is to get your brain to see the new material you’re learning 
as Really Important. Crucial to your well-being. As important as 
a tiger. Otherwise, you’re in for a constant battle, with your brain 
doing its best to keep the new content from sticking. 


So just how DO you get your brain to treat 
servlets like it’s a hungry tiger? 

There’s the slow, tedious way, or the faster, more effective way. 
The slow way is about sheer repetition. You obviously know that 
you are able to learn and remember even the dullest of topics 


But we assume that if you’re holding this book, you really want to learn how to build 
web applications in Java, and pass the SGWGD exam. And you probably don’t want 
to spend a lot of time. If you want to use what you read in this book, you need to 
remember what you read. And for that, you’ve got to understand it. To get the most from 
this book, or any book or learning experience, take responsibility for your brain. Your 
brain on this content. 


if you keep pounding the same thing into your brain. With enough 

repetition, your brain says, “This doesn’t feel important to him, but he keeps looking at 

the same thing over and over and over, so I suppose it must be.” 


The faster way is to do anything that increases brain activity^ especially different 
types of brain activity. The things on the previous page are a big part of the solution, 
and they’re all things that have been proven to help your brain work in your favor. For 
example, studies show that putting words within the pictures they describe (as opposed to 
somewhere else in the page, like a caption or in the body text) causes your brain to try to 
makes sense of how the words and picture relate, and this causes more neurons to fire. 
More neurons firing = more chances for your brain to get that this is something worth 
paying attention to, and possibly recording. 


A conversational style helps because people tend to pay more attention when they 
perceive that they’re in a conversation, since they’re expected to follow along and hold up 
their end. The amazing thing is, your brain doesn’t necessarily care that the “conversation” 
is between you and a book! On the other hand, if the writing style is formal and dry, your 
brain perceives it the same way you experience being lectured to while sitting in a roomful 
of passive attendees. No need to stay awake. 

But pictures and conversational style are just the beginning. 
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Here's what WE did: 


We used pictures^ because your brain is tuned for visuals, not text. As far as your brain’s 
concerned, a picture really is worth a thousand words. And when text and pictures work 
together, we embedded the text in the pictures because your brain works more effectively 
when the text is within the thing the text refers to, as opposed to in a caption or buried in the 
text somewhere. 

We used redundancy, saying the same thing in different ways and with different media types, 
and multiple senses, to increase the chance that the content gets coded into more than one area 
of your brain. 


Rachel's turf 



Web designers hang Kim's Responsibilty 

out here... 


We used concepts and pictures in unexpected ways because your brain is tuned for 
novelty, and we used pictures and ideas with at least some emotional content, because your 
brain is tuned to pay attention to the biochemistry of emotions. That which causes you to 
feel something is more likely to be remembered, even if that feeling is nothing more than a 

little humor, surprise, oy interest. 

We used a personalized, conversational style, because your brain is tuned to pay 
more attention when it believes you’re in a conversation than if it thinks you’re passively 
listening to a presentation. Your brain does this even when you’re reading. 



BE tbe Container 


We included more than 40 activities ， because your brain is tuned to learn and remember 
more when you do things than when you read about things. And we made the exercises 
challenging-yet-doable, because that’s what most people prefer. 


/i( 


We used multiple learning styles, because might prefer step-by-step procedures, while 
someone else wants to understand the big picture first, and someone else just wants to see 
an example. But regardless of your own learning preference, everyone benefits from seeing the 
same content represented in multiple ways. 

We include content for both sides of your brain, because the more of your brain you 
engage, the more likely you are to learn and remember, and the longer you can stay focused. 


BULLET POINT 



Since working one side of the brain often means giving the other side a chance to rest, you 
can be more productive at learning for a longer period of time. 

And we included stories and exercises that present more than one point of view, 
because your brain is tuned to learn more deeply when it’s forced to make evaluations and 
judgments. 

We included challenges, with exercises, and by asking questions that don’t always have 
a straight answer, because your brain is tuned to learn and remember when it has to work at 
something. Think about it — you can’t get your body in shape just by watching people at the 
gym. But we did our best to make sure that when you’re working hard, it’s on the right things. 

you 9 re not spending one extra dendrite processing a hard-to-understand example, 
or parsing difficult, jargon-laden, or overly terse text. 

We people. In stories, examples, pictures, etc., because, well, because a person. 
And your brain pays more attention to people than it does to things. 

We used an 80/20 approach. We assume that if you’re going for a PhD inJSPs, this won’t be 
your only book. So we don’t talk about everything... just the stuff you’ll actually need. 
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Here's what YOU caw do to bend 
your brain mto submission 

So, we did our part. The rest is up to you. These tips are a 
starting point; listen to your brain and figure out what works 
for you and what doesn’t. Try new things. 

iWis out ahd sii^k ii 
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(T) Slow down. The more you understand, 
the less you have to memorize. 

Don’t just read. Stop and think. When the 
book asks you a question, don’t just skip to the 
answer. Imagine that someone really is asking 
the question. The more deeply you force your 
brain to think, the better chance you have of 
learning and remembering. 

Do the exercises. Write your own notes. 

We put them in, but if we did them for you, 
that would be like having someone else do 
your workouts for you. And don’t just look at 
the exercises. Use a pencil. There’s plenty of 
evidence that physical activity while learning 
can increase the learning. 

(§) Read the “There are No Dumb Questions” 

That means all of them. They’re not optional 
sidebars — they } re part of the core content! 

Don’t skip them. 

(4) Make this the last thing you read before 
bed. Or at least the last challenging thing. 

Part of the learning (especially the transfer to 
long-term memory) happens after you put the 
book down. Your brain needs time on its own, to 
do more processing. If you put in something new 
during that processing time, some of what you 
just learned will be lost. 

(5) Drink water. Lots of it. 

Your brain works best in a nice bath of fluid. 
Dehydration (which can happen before you ever 
feel thirsty) decreases cognitive function. 


Talk about it. Out loud. 

Speaking activates a different part of the brain. 

If you’re trying to understand something, or 
increase your chance of remembering it later, say 
it out loud. Better still, try to explain it out loud 
to someone else. You’ll learn more quickly, and 
you might uncover ideas you hadn’t known were 
there when you were reading about it. 

(7) Listen to your brain. 

Pay attention to whether your brain is getting 
overloaded. If you find yourself starting to skim 
the surface or forget what you just read, it’s time 
for a break. Once you go past a certain point, you 
won’t learn faster by trying to shove more in, and 
you might even hurt the process. 

(§) Feel something. 

Your brain needs to know that this matters. Get 
involved with the stories. Make up your own 
captions for the photos. Groaning over a bad joke 
is still better than feeling nothing at all. 

(9^ Take the final Coffee Cram mock exam 
only AFTER you finish the book. 

If you take the exam too soon, you won’t get a 
clear picture of how ready you are for the exam. 
Wait until you think you’re close to ready, and then 
take the exam. And be sure you only give yourself 
180 minutes — the length of time you’ll have to 
take the real SGWGD exam. 
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What you need for this book: 

Besides your brain and a pencil, you need Java，Tomcat 5, and a 
computer. 

You do not need any other development tool, such as an Integrated Development 
Environment (IDE). We strongly recommend that you not use anything but a 
basic editor until you complete this book. A servlet/JSP-aware IDE can protect 
you from some of the details that really matter (and that you’ll be tested on), so 
you’re much better off developing the bean code completely by hand. Once you 
really understand what’s happening, you can move to a tool that automates some 
of the servlet/JSP creation and deployment steps. If you already know how to 
use Ant, then after chapter 3, you can switch to using it to help you deploy, but 
we don’t recommend using Ant until after you’ve completely memorized the 
web app deployment structure. 

- GETTING TOMCAT - 

■ If you don’t already Java SE vl .5 or greater, you’ll need it. 

■ If you don’t already have Tomcat 5, go get it from: 

http://tomcat.apache.org/ 

Select “Tomcat v5.5” in the Downloads menu on the left side of the home page. 

■ Scroll down to the “Binary Distributions” section and download the version of your 
choice. If you do not know, then select the “Core” distribution; it is all you need. 

■ Save the installation file in a temporary directory. 

■ Install Tomcat. 

For Windows, that means double-clicking the install .exe file and following the 
installer wizard instructions. 

For the others, unpack the install file into the place on your hard drive where you 
want Tomcat to be. 

■ To make it easier to follow the book instructions, name the Tomcat home directory 
“tomcat” (or set up a “tomcat” alias to the real Tomcat home). 

■ Set environment variables for JAVA_HOME and TOMCAT_HOME, in whatever 
way you normally set them for your system. 

■ You should have a copy of the specs, although you do not need them in order to 
pass the exam. At the time of this writing, the specs are at: 

Servlet 2.4 (JSR #154) http://jcp.org/en/jsr/detail7icM 54 
JSP 2.0 (JSR #152) http://jcp.org/en/jsr/detail7icM 52 
JSTL 1.1 (JSR #52) http://jcp.org/en/jsr/detail?id=52 

Go to the JSR page and click on the Download Page for the final release. 

■ Test Tomcat by launching the tomcat/bin/startup script (which is startup.sh) for 
Linux/Unix/OS X. Point your browser to: 

http://localhost:8080/ and you'll see the Tomcat welcome page. 




Java 2 Standard Edition 1.5 
Tomcat 5 

The exam covers the 
following specs: 

■ Servlets 2.4 

■ JSP 2.0 

■ JSTL 1.1 
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Last-mmute things you need to know: 


This is a learning experience, not a reference book. We deliberately stripped out 
everything that might get in the way of learning whatever it is we’re working on at that 
point in the book. And the first time through, you need to begin at the beginning, 
because the book makes assumptions about what you’ve already seen and learned. 

We use simple UML-like diagrams. 

Although there’s a good chance you already know UML, it’s not covered on the exam, 
and it’s not a prerequisite for the book. So you won’t have to worry about learning 
servlets, JSP, JSTL, and UML at the same time. 

We don’t cover every single picky detail from the spec. 

The exam is pretty detailed, though, and so are we. But if there’s a detail in the spec 
that’s not covered in the exam, we don’t talk about it unless it’s important to most 
component developers. What you need to know to begin developing web components 
(servlets andJSPs), and what you need to pass the exam, overlap about 85%. We 
cover a few things not on the exam, but we point them out so you don’t have to try to 
memorize them. We created the real exam, so we know where you should focus your 
energy! If there’s a chance that this one picky detail might be on one question on the 
exam, but the effort to learn it isn’t really worth it, we might skip it, or cover it only 
very lightly, or only in a mock exam question. 
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Director 


getMovies 

getOscars() 

getKevin Bacon Degrees() 


The activities are NOT optional. 

The exercises and activities are not add-ons; they’re part of the core content of the 
book. Some of them are there to help with memory, some for understanding, some to 
help you apply what you’ve learned. Don’t skip anything. 

The redundancy is intentional and important. 

One thing that’s distinctly different in a Head First book is that we want you to really really 
really get it. And we want you to finish the book remembering what you’ve learned. Most 
information or reference books don’t necessarily have retention and recall as a goal, but 
in this book you’ll see some of the same concepts come up more than once. 


The code examples are as lean as possible 

Our readers tell us that it’s frustrating to wade through 200 lines of code looking 
for the two lines they need to understand. Most examples in this book are shown 
within the smallest possible context, so that the part you’re trying to learn is clear and 
simple. Don’t expect the code to be robust, or even complete. That’sassignment 
for after you finish the book. The book examples are written specifically for learning, 
and aren’t always fully functional. Some of the code examples for the book are 
available at www . headfirstlabs . com. 
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taking the exam 


About the SCWCP (for Java EE 1.5) exam 

The updated SGWGD exam is called “Sun Certified Web Component Developer for the Java 
Platform, Enterprise Edition 5” (GX-310-083), but don’t get confused by the title. The updated 
exam is still designed for Java EE vl.4 and for the servlet v2.4 and JSP v2.0 specifications. 

Do I first have to pass the SCJP? 

Yes. The Web Component Developer exam, the Business Component Developer exam, The 
Mobile Application Developer exam, the Web Services Developer exam, and the Developer exam 
all require you to be a Sun Certified Java Programmer. 

How many questions? 

You’ll get 69 questions when you take the exam. Not everyone gets the same 69 questions; there 
are many different versions of the exam. But everyone gets the same degree of difficulty, and the 
same balance of topics. On the real exam, expect to see at least one question from each exam 
objective, and there are a few objectives where you’ll get more than one question. 

How much time do I get to complete the exam? 

You get three hours (180 minutes). Most people don’t find this to be a problem, because these 
questions don’t lend themselves to long, complicated, puzzles. Most questions are very short and 
are multiple-choice, and you either know the answer or you don’t. 


What are the questions like? 

They are almost exactly like our mock exam questions, with one big difference — the real exam tells 
you how many answers are correct, where we do not. You will see a handful of drag-and-drop 
questions, however, that we can’t do here. But drag-and-drop questions are just the interactive way 
of matching one thing to another. 

How many do I have to answer correctly? 

You must get 49 questions correct (70%) to pass the exam. When you finish answering all of the 
questions, hold your mouse cursor over the done button until you have the courage to click it. 
Because in, like, six nanoseconds, you’ll know whether you passed (of course you will). 

Why don’t the mock exams in the book tell you how many options to 
choose for the correct answer? 

We want our exams to be just a little more difficult than the real exam, to give you the most 
realistic picture of whether you’re ready to take the exam. People tend to get higher scores on 
book mock exams because they retake the same test more than once, and we don’t want you to get 
a false picture of your readiness to take the exam. Readers have reported that the score they get on 
the real exam is very close to the score they get on the mock final exam in this book. 
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What do I get after I take the exam? 

Before you leave the testing center, be sure to get your exam report. It shows a summary of your score 
in each major area, and whether you passed or failed. Keep this! It ? s your initial proof that you’ve been 
certified. A few weeks after the test, you’ll get a little package from Sun Educational Services that 
includes your real printed certificate, a congratulations letter from Sun, and a lovely lapel pin that says 
Sun Certified Web Component Developer in a font so incredibly small that you could pretty much 
claim to be certified in anything you like, and nobody could read it to tell the difference. It does not 
include the alcohol you’ll be wanting after you pass the exam. 


How much does it cost, and how do I register? 

The exam costs U.S. S200. Which is why you need this book... to make sure you pass the first time. 

You register through Sun Educational Services, by giving them your credit card number. In exchange, 
you’ll get a voucher number, which you’ll use to schedule an appointment at a Prometric Testing Center 
nearest you. 

To get the details online and buy an exam voucher, start at: http : / / www. sun . com/training/ 
certification/. If you’re in the U.S., you’re all set. If you’re not in the U.S., you can select a 
country from the right menu bar. 


What’s the exam software like? 

It’s dead simple to use — you get a question, and you answer it. If you don’t want to answer it, you can 
skip it and come back to it later. If you do answer it, but aren’t sure, and you want to come back to it if 
you have more time, you can “mark” a question. Once you’re done, you’ll see a screen that shows all of 
the questions you haven’t answered, or have marked, so that you can go back to them. 

At the very beginning of the exam you’ll get a short tutorial on how to use the software, where you get 
a little practice test (not on Servlets). The time you spend in the tutorial does not count as time spent on 
the SGWGD exam. The clock doesn’t start until you’ve finished the exam software tutorial and you’re 
ready to begin. 

Where can I find a study group, and how long will it take to prepare? 

The best online discussion group for this exam just happens to be the one that the authors moderate! 
(Gosh, what are the odds?) Stop byjavaranch.com and go to the Big Moose Saloon (that’s where 
all the discussion forums are). You can’t miss it. There will always be someone there to answer your 
questions, including us. JavaRanch is the friendliest Java community on the Internet, so you’re welcome 
no matter what level you’re at with Java. If you still need to take the SGJP, we’ll help you with that one 
too. 

How long it takes you to get ready for the exam depends a lot on how much servlets andJSP 
experience you’ve had. If you’re new to servlets andJSP, you might need anywhere from 6 to 12 weeks, 
depending on how much time you can devote to it each day. Those with a lot of recent servlets andJSP 
experience can often be ready in as little as three weeks. 
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Other people to bb MG ： 

At O’Reilly: 

Our biggest thanks to Mike Loukides at O’Reilly, for starting it all, and 
helping to shape the Head First concept into a series. We love having an editor 
who is a Real Java Guy. And a big thanks to the driving force behind Head First, 

Tim O’Reilly Lucky for us, he’s always thinking about the future, and enjoys 
being a disruptive influence. Thanks to the clever Head First “series mom” Kyle 
Hart for figuring out how Head First fits into the rest of the computer book 
world. 


Our intrepid reviewers: 


OK, so the book took a little longer than we’d planned. But without JavaRanch 
review manager Johannes dejong, it would have been scarily late. You are our 
hero, Johannes. And our special thanks to Joe Konior, whose feedback on each 
chapter was pretty much the same size as the chapter. We deeply appreciate the 
relentless effort and expertise (and cheerfulness) of Philippe Macquet. All 
three of the authors love him so much we want to marry him...but that would 
be weird. And we’re very grateful to Andrew Monkhouse for both technical 
feedback and help with the subtle English-to-Australian translations. Jef 
Cumps, your MP3 rendition of the “setHeader” song was terrific (except for 
maybe being a bit emo), and your technical comments were really helpful. 


Dave Wood hammered us on everything, and was fond of pointing to early 
pages and saying, “That’s not very Head Firsty.” We also got some excellent 
feedback from JavaRanch moderators Jason Menard, Dirk “fish face” 
Schreckmann, Rob Ross, Ernest Friedman-Hill, and Thomas Paul. 

And as always, thanks especially to the javaranch.com Trail Boss, Paul Wheaton. 


Special thanks to the following tech reviewers for the second edition: Bear 
Bibeault, Theodore Casser, Ulf Dittmer, Preetish Madalia, Sergio 
Ramirez, Oliver Roell, Neeraj Singhal ， and Collins Tchoumba. 

Mock Exam Questions 

If you find yourself banging your head over a particularly twisty or turn-y 
JSP mock question, don’t blame us — blame Marc Peabody! Thanks Marc for 
helping us keep all the SGWGD candidates on their toes. Marc spends copious 
amounts of his free time moderating at JavaRanch, where he has been known 
to incite ranchers to construct horrible mashups out of innocent Java EE 
technologies. 



Mav-d Peabody 
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still more acknowledgments 


Even more people* 

From Bryan Basham 

I could start by thanking my Mom, but that’s been done before... My knowledge of Java 
web development is founded in a few medium-scale applications that I have written, but 
that foundation was honed and refined by years of debate on a Java instructor email 
alias internal to Sun. In particular, I would like to thank Steve Stelting, Victor Peters, 
Lisa Morris, Jean Tordella, Michael Judd, Evan Troyka, and Keith Ratliff. There were 
many people that carved my knowledge, but these six have been the knives that have cut 
me the deepest. 

As with all book projects, the last three months were pretty difficult. I want to thank my 
fiance, Kathy Gollina, for being patient with me. I want to thank Karma and Kiwi (our 
cats) for the late night sessions of lap-sitting and keyboard trouncing. 


Lastly, and most importantly, I must thank Kathy and Bert for even suggesting that 
we take on this project. Kathy Sierra is truly unique in the world. Her knowledge of 
metacognition and instructional design is matched only by her creative juice that pours 
out of her Head First books. I have worked in education for five years now and I have 
learned nearly everything I know from Kathy... Oh, don’t worry about my Mom; she 
will get a big dedication in my next Head First book. I love you, Mom! 


From Kathy and Bert 


That was so mushy Bryan, geez. (Not that Kathy doesn’t appreciate the sucking up.) We 
agree about your fiance, though. But it’s not like she missed you, out playing Ultimate all 
summer long while we were working like dogs at our Powerbooks. But you really made 
this a rewarding experience Bryan, and you’re the best 1 co-author we’ve ever had! It’s 
almost frightening how calm and happy you are all the time. 

We all appreciate the hard-working Sun exam certification team, especially Java cert 
manager Evelyn Cartagena, and we thank all the folks who helped develop the JSRs for 
the Servlet andJSP specs. 


*The large number of acknowledgments is because we’re testing the theory 
that everyone mentioned in a book acknowledgment will buy at least one copy, 
probably more, what with relatives and everything. If you’d like to be in the 
acknowledgments of our next book, and you have a large family, write to us. 

1 Point of clarification: Bryan is the only co-author we’ve ever had, but that in no 
way diminishes the intent. 
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intro and overview 


Why use Servlets & JSPs? 



Web applications are hot. Sure, GUI applications might use exotic 
Swing widgets, but how many GUI apps do you know that are used by millions 
of users worldwide? As a web app developer, you can free yourself from the 
grip of deployment problems all standalone apps have, and deliver your app to 
anyone with a browser. But to build a truly powerful web app, you need Java. 

You need servlets. You need JSPs. Because plain old static HTML pages are so, 
well, 1999. Today’s users expect sites that are dynamic, interactive, and custom- 
tailored. Within these pages you’ll learn to move from web site to web app. 


this is a new chapter 
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official Sun exam objectives 


- ， 


Servlets & JSP overview 


Coverage Notes: 


1 For each of the HTTP Methods (such as GET, 
POST, HEAD, and so on): 

* Describe benefits of the HTTP Method 

* Describe functionality of the HTTP Method 

* List triggers that might cause a Client 
(usually a Web browser) to use the method 

Also part of Objective 1.1, but not covered 
in this chapter: 


The objectives in this section are covered 
completely in another chapter, so think of 
this chapter as a first-look foundation for 
what comes later. In other words, don’t worry 
about finishing this chapter knowing (and 
remembering) anything specific from these 
objectives; just use it for background. If you 
already know these topics, you can just skim 
this chapter and jump to chapter 2. 

You won’t have any mock exam questions on 
these topics until you get to the more specific 
chapter where those topics are covered. 


* Identify the HttpServlet method that 
corresponds to the HTTP Method 
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intro and architecture 


Everybody wants a web site 

You have a killer idea for a web site. To destroy the competition, you 
need a flexible, scalable architecture. You need servlets and JSPs. 

Before we start building, let’s take a look at the World Wide Web 
from about 40k feet. What we care most about in this chapter are 
how web clients and web servers talk to one another. 

These next several pages are probably all review for you, especially if 
you’re already a web application developer, but it’ll give us a chance 
to expose some of the terminology we use throughout the book. 



Client 、 


Client 


Clieirn^— 


Server 
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web server 


What does your web server do? 

A web server takes a client request and gives 
something back to the client. 

A web browser lets a user request a resource. The web server gets the 
request, finds the resource, and returns something to the user. 
Sometimes that resource is an HTML page. Sometimes it’s a picture. Or 
a sound file. Or even a PDF document. Doesn’t matter — the client asks 
for the thing (resource) and the server sends it back. 

Unless the thing isn’t there. Or at least it’s not where the server is 
expecting it to be. You’re of course quite familiar with the “404 Not 
Found” error — the response you get when the server can’t find what it 
thinks you asked for. 

When we say “server”，we mean either the physical machine (hardware) 
or the web server application (software). Throughout the book, if 
the difference between server hardware and software matters, we’ll 
explicitly say which one (hardware or software) we’re talking about. 


The the 
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response 


Client 




</head> 

<body> 

</body> 

</html> 
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<html> 

<head> 


</head> 


</head> 


<body> 
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Server 




<html> 

<head> 

</head> 


<body> 


</body> 

</html> 
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intro and architecture 


What does a web cligyit do? 

A web client lets the user request something on the 
server，and shows the user the result of the request. 

When we talk about clients, though, we usually mean both (or either) the 
human user and the browser application. 

The browser is the piece of software (like Netscape or Mozilla) that 
knows how to communicate with the server. The browser’s other big job 
is interpreting the HTML code and rendering the web page for the user. 

So from now on, when we use the term client, we usually won’t care 
whether we’re talking about the human user or the browser app. In 
other words, the client is the browser app doing what the user asked it to do. 


User clicks a link 
in the browser. 



User 


click 



Browser formats the 
request and sends it 
to the server. 


Server finds the 
requested page. 




request 
xyzl23.. 
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Browser 




Server 


<html> 

<head> 


<html ： 

<head> 

</head> 



<html> 

<head> 

</head> 

<body> 






<head> 

</head> 

<body> 

</body> 

</html> 





Browser gets the HTML 
and renders it into a 
display for the user. 




User 



tel 


Server 


<html> 

<head> 

<html> 
<t <head> 


</head> 


<html> 

<head> 

</head> 

<body> 






<html> 

<head> 

</head> 

D| 


<body> 


</body> 

</html> 
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HTML and HTTP 


Clients and servers 
know HTML awd HTTP 


HTML 


When a server answers a request, 
the server usually sends some type 
of content to the browser so that the 
browser can display it. Servers often 
send the browser a set of instructions 
written in HTML, the HyperText 
Markup Language. The HTML 
tells the browser how to present the 
content to the user. 

All web browsers know what to do 
with HTML, although sometimes an 
older browser might not understand 
parts of a page that was written using 
newer versions of HTML. 


HTTP 


Most of the conversations held on the 
web between clients and servers are 
held using the HTTP protocol, which 
allows for simple request and response 
conversations. The client sends an 
HTTP request, and the server answers 
with an HTTP response. Bottom line: 
you’re a web server,you speak HTTP 

When a web server sends an HTML 
page to the client, it sends it using 
HTTP. (You’ll see the details on how 
all this works in the next few pages.) 

(FYI: HTTP stands for HyperText 
Transfer Protocol.) 



A wise question. In order 
to communicate, they must 
share a common language. On 
the web, clients and servers 
must speak HTTP, and browsers 
must know HTML 



HTML tells Ae browser 
howto displayihe content 
to Ae user. 


HTTP is Ae protocol 
clients and servers use on 
ihe web to eo 顺 unieate. 


The server uses HTTP to 

Send HTML to the client. 
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Two-miwute HTML guide 

When you develop a web page, you use HTML to describe what the 
page should look like and how it should behave. 

HTML has dozens of tags and hundreds of tag attributes. The goal 
of HTML is to take a text document and add tags that tell the browser 
how to format the text. Below are the tags we use in the next several 
chapters. If you need a more complete understanding of HTML, we 
recommend the book HTML & XHTML The Definitive Guide (O’Reilly). 


Tag 


Description 


< ! —— —— > 


where you put your comments 


<a> 


anchor - usually for putting in a hyperlink 


<align> 


<body> 


<br> 


<center> 


<form> 


align the contents left, right, centered, or justified 
define the boundaries of the document’s body 



a line break 


center the contents 


⑽ r ll7 “ 

3 上 alW 十产 

⑽ U 的伤“ mL 乎 7 . 


define a form (which usually provides input fields) 


<hl> 

<head> 

<html> 

<input type> 

<p> 

<title> 


the first level heading 

define the boundaries of the document’s header 
define the boundaries of the HTML document 
defines an input widget to a form 
a new paragraph 
the HTML document’s title 
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writing HTML 


What you write... 

(the HTML) 

Imagine you’re creating a login page. The simple HTML 
might look something like this: 




⑥ 




⑤ 


<html> 

<!-- Some sample HTML --> 









<head> 

<title>A Login Page</title> 

</head> 

<body> 

<hl align= 〃 center 〃 >Skyler , s Login Page</hl> 

<p align= 〃 right〃> 

<img src="SKYLER2•jpg" width="130" height:"150"/> 
</p> • 





<form action="date2"> ' \}\t 

Name : <input type=〃text 
Password: <input type=〃text 


kt V s 

cst V 


CY^< 


TV^> % ” f 


Jde a … 
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ff 


u 


name: 


name: 


r paraml ’’ /Xbr/> 

r param2 "/Xbr/Xbr/Xbr/> 


<center> 

<input type="SUBMIT"/> 
</center 〉 


</form> 

</body> 

</html> 
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You need only the most basic HTML 
1 knowledge. 

HTML pops up all over the exam. But you’re 
not being tested on your HTML knowledge. You’ll see 
HTML in the context of a large chunk of questions, 
though, so you need at least some idea of what’s 
happening when you see simple HTML. 
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What the browser creates... 

The browser reads through the HTML code, creates the 
web page, and renders it to the user’s display. 




r\ 


A Logiin Page 
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http://www.wickedlysmart.com/skylogin.html 
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Skyler’s Login Page 
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HTTP protocol 


What is the HTTP protocol? 


HTTP runs on top of TCP/IP. If you’re not familiar with 
those networking protocols, here’s the crash course: TCP 
is responsible for making sure that a file sent from one 
network node to another ends up as a complete file at the 
destination, even though the file is split into chunks when 
it’s sent. IP is the underlying protocol that moves/routes 
the chunks (packets) from one host to another on their 
way to the destination. HTTP, then, is another network 
protocol that has Web-specific features, but it depends 
on TCP/IP to get the complete request and response 
from one place to another. The structure of an HTTP 
conversation is a simple Request/Response sequence; a 
browser requests, and a server responds. 


Key e/e 

stream: 


men tsofth e 


re€ iuest 


be Performed)^ ^ action to 



HTTP request 


1=3 


Client 


HTTP response 
Key elements of the 

f 0 SpOllS 6 Str63fTl. 

>/\ status code (for whether 
the request was successful) 

> Content-type (text, picture, 
HTML, etc.) 

>The content (the actual 
HTML, image, etc.) 



You don’t have to memorize the HTTP spec. 


The HTTP protocol is an IETF standard, RFC 2616. If you care. 
(Fortunately, the exam doesn’t expect you to.) Apache is an example of 
a Web server that processes HTTP requests. Mozilla is an example of 
a Web browser that provides the user with the means to make HTTP 
requests and to view the documents returned by the server. 


10 


chapter 1 





















intro and architecture 


HTML is part of the HTTP respowsc 

An HTTP response can contain HTML. HTTP adds header 
information to the top of whatever content is in the response (in 
other words, the thing coming back from the server). An HTML 
browser uses that header info to help process the HTML page. Think 
of the HTML content as data pasted inside an HTTP response. 




Web 

browser 



HTTP request 


Client 


HTTP header 

Weh "the birowseir -Pihds the 

<hUl> V — •• 丄 

ni 一 irehdcirihg mode ahd 

displays the page ^ ihc usev 

^cv> Woy/scv ^c-b -to ^ ^ 

la% •» 七 3 c ^ atcs 

ttTTP vc<\ucst {p 50 yt the 

deseed. ktWistasc 
七 he Wowcv Will wake a sttoY\d 
HTTP 

vcW^tca *m i\\t <y^> ^ 


HTTP response 



Server 



HTTP body 
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HTTP methods 


If thafs the response, whafs m the request? 

The first thing you’ll find is an HTTP method name. These aren’t Java 
methods, but the idea is similar. The method name tells the server the 
kind of request that’s being made, and how the rest of the message will be 
formatted. The HTTP protocol has several methods, but the ones you’ll use 
most often are GET and POST. 


GET 


User clicks 
a link to a 
产 new page. 



Browser sends an HTTP GET 





User 


Browser 


Server 


<html> 

<head> 


<html ： 

<head> 

</head> 



<html> 

<head> 

</head> 

<body> 




<html> 

Dj 

<head> 

</head> 


<body> 


</body> 

</html> 



POST 



User types in a 
form and hits the 
Submit button. 


Browser sends an HTTP POST 
to the server, giving the 
server what the user typed 
into the form. 





/Hll 瞄 


User 


Browser 


Server 


<html> 

<head> 


<html ： 

<head> 

</head> 



<html> 

<head> 

</head> 

<body> 






<html> 


<head> 

</head> 


<body> 


</body> 

</html> 
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intro and architecture 


frET is a simple request 
POST caw send user data 


GET is the simplest HTTP method, and its 
main job in life is to ask the server to get a 
resource and send it back. That resource might 
be an HTML page, a JPEG, a PDF, etc. Doesn’t 
matter. The point of GET is to get something 
back from the server. 

POST is a more powerful request. It’s like a 
GET plus plus. With POST, you can request 
something and at the same time send form data 
to the server (later in this chapter we’ll see what 
the server might do with that data). 


r^iiereifirejiP 

Dumb Questions 

o ： 

So what about the other HTTP methods 
besides GET and POST? 


A • 

Those are the two big ones that everybody 
uses. But there are a few rarely used methods (and 
Servlets can handle them) including HEAD, TRACE, 
PUT, DELETE, OPTIONS, and CONNECT. 


You really don’t need to know much about these 
others for the exam, although you might see 
them appear in a question. The Life and Death 
of a Servlet chapter covers the rest of the HTTP 
method details you’ll need. 


Wait a minute... I 
could swear IVe seen 
GET requests that did 
send some parameter 
data to the server. 
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HTTP GET 


It's true... you caw send a little data with HTTP ftET 


But you might not want to. Reasons you might use POST instead of GET include: 

① The total amount of characters in a GET is really limited (depending 
on the server). If the user types, say, a long passage into a “search” 
input box, the GET might not work. 

( 5 ) The data you send with the GET is appended to the URL up in 
the browser bar, so whatever you send is exposed. Better not put a 
password or some other sensitive data as part of a GET! 


(§) Because of number two above, the user can’t 
bookmark a form submission if you use POST 
instead of GET. Depending on your app, you may 
or may not want users to be able to bookmark the 
resulting request from a form submission. 
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Bill Wilde 

greenhorn 

Member 




Hi every one 
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intro and architecture 


Awatomy of aw HTTP&ET request 


The path to the resource, and any parameters added to the 
URL are all included on the “request line’’. 




a o 咖 





The Rc^ucs-t 
headers. 




Host: www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-0; en-US; rv:1.4) Gecko/ 
20030624 Netscape/7.1 

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/ 

plain;q=0.8,video/x-mng,i mage/png,image/j peg,image/gif;q=0.2,*/*;q=0.1 

Accept-Language: en-us,en;q=0.5 

Accept-Encoding: gzip,deflate 

Accept-Charset: ISO-8859-1 ,utf-8;q=0.7,*;q=0.7 

Keep-Alive: 300 

Connection: keep-alive 


Hey server... GET me the page 
on this host thafs at /select/ 
selectBeerTaste.jsp and, oh yeah, 
here are the parameters for you ： 
color = dark (& taste = malty. And 
hurry it up. 


Sure, ril go GET 
that page and thanks for 
the parameters. And just FYI, 
'hurry it up” is not part of 
the HTTP protocol. 


Web 

browser 


HTTP request 



Client 


Server 
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HTTP POST 


Awatomy of aw HTTP POST request 

HTTP POST requests are designed to be used by the browser to 
make complex requests on the server. For instance, if a user has just 
completed a long form, the application might want all of the form’s 
data to be added to a database. The data to be sent back to the server 
is known as the “message body” or “payload” and can be quite large. 


TV 




The Rc^ucs-f： 
headers. 






^ a vj\ 0 aA 


Tk HTTP 

Method- 


SO ^ 






〆 


TV 此作⑽ 



POST /advisor/selectBeerTaste.do HTTP/1.1 
Host: www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/ 
20030624 Netscape/7.1 

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/ 

plain;q=0.8,video/x-mng,image/png,image/j peg,image/gif;q=0.2,*/*;q=0.1 

Accept-Language: en-us,en;q=0.5 

Accept-Encoding: gzip,deflate 

Accept-Charset: ISO-8859-1 ,utf-8;q=0.7,*;q=0.7 

Keep-Alive: 300 ， 

Connection: keep-alive av-c dowh ^ 


color=dark&taste=malty 




Hey server... please POST this 
to the resource at ： /advisor/ 
selectBeerTaste.do. Don't forget 
to look inside the body for the 
important data I’m sending. 


Sure, Til find that 
resource (ifs actually a 
little application) and when I 
do, ril give it the data in the 
request body you sent. 


Web 

browser 


HTTP request 



Client 
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intro and architecture 


Anatomy of aw HTTP response , awd 
what the heck is a "MIME type"? 

Now that we’ve seen the requests from the browser to the server, let’s 
look at what the server sends back in response. An HTTP response 
has both a header and a body. The header info tells the browser about 
the protocol being used, whether the request was successful, and 
what kind of content is included in the body. The body contains the 
contents (for example, HTML) for the browser to display. 






Y MC< ' s 


HTTP 

Response 

Kcadcv-s. 


TKc body Kolds i\\t 
HTML, or o*tKcv- 
*to be 
v-cy\dcv-cd- 


\ 




6od^ 


t- 




A vcirsioh of 
^ s ^ius code. 


HTTP/1.1 200 OK 

Set-Cookie: JSESSIONID=OAAB6C8DE415E2E5F307CF334BFCA0C1; Path=/testEL 


Content-Type: text/html 


Content-Length: 397 
Date: Wed, 19 Nov 2003 03:25:40 GMT 
Server: Apache-Coyote/1.1 
Connection: close 

<html> 


</html> 


Here's my response 
to your request. Its 
type is text/html, but in your 
request you said that was 
OK. So unless you were 
lying to me... 


匕 0h W - type ircspohsc headers 

va,uc ,s as a IV\\/V\t iwpe 

tdu tK. ZoZ\^ 

UA ^ Aa ^ ^ blrowscv. is about h> 
^ive so ihai ih c bvows^ will k.ow 
how to vchdcv- it. 

^ ihai the mt type va| uc 
plates io ihc values listed ih 

；7° look ai ^ 4 咖 

thc ㈣ 。 us P，’ s POST 叫 《£,) 


Web 

browser 


HTTP response 

- 1 Ht ^P/1.1200 0K 


Client 





j 


Server 
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request and response 


All the pieces. 
On one page. 





I O + 0 http://www.wickedlysmart.com/test1/Beer1.html 


Q\ 


QP Apple .Mac Amazon eBay Yahoo! News 






The bvowsev dveates by\ 

HTTP 6(BT request 


GET /testl/Beerl.html HTTP/1.1 

Host: www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh. 


Beerl.html 


t =3 




Server 


an 

VTTT? ves^sc- 



HTTP/1.1 200 OK 
Set-Cookie:... 


<html><body> 

<h1 align=center>Beer Login Page</h1> 
<form> 

Select a beer type or buy beer... 


― 


/ H 11 


tlrowsc^ 

Sr ^ 


<htmlxbody> 

<hl align=center>Beer Login Page</hl> 
<form> 

Select a beer type or buy beer 
making supplies?<p> 

〈input type=radio name=select 
value=Select> Select a beer<br> 
〈input type=radio name=select 

value=Buy> Buy supplies<br><br> 
<center> 

<input type=SUBMIT> 

</center> 

</form> 

</body></html> 



| 4 » 麗 o ■ + BC 




QQ Apple Amxeon eK 

ay Yahoo) N 




Client 



Beer Login Paye 

Sclccl a beer lype w buy beer making supplies? 


looks 

io a 


Srkvi a Iwr 
Buy supplies 


Submit 
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intro and architecture 


e^^rpen your pencil 


GET or POST? 

For each description, circle either POST or GET 
depending on which HTTP method you’d choose 
for implementing that functionality. If you think it 
could be either, circle both. But be prepared to 
defend your answers... 


POST GET 
POST GET 
POST GET 
POST GET 
POST GET 
POST GET 
POST GET 
POST GET 


A user is returning a login name and password. 

A user is requesting a new page via a hyperlink. 

A chat room user is sending a written response. 

A user hits the ‘next’ button to see the next page. 

A user hits the ‘log out button on a secure banking site. 
A user hits the ‘back’ button on the browser. 

A user sends a name and address form to the server. 

A user makes a radio button selection. 


you are here ► 
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anatomy of a iRL 


URL. Whatever you do, don't pronounce it "Earl" 

When you get to the U’s in the acronym dictionary there’s a traffic jam... URI, 
URL, URN, where does it end? For now, we’re going to focus on the URLs, or 
Uniform Resource Locators, that you know and love. Every resource on the web 
has its own unique address, in the URL format. 




' f * nc hdme or the 
eohteht bcihg requested. This 
^\d be a, ml a 

scirvlct, image, PDF, music, 

video, oir ahythihg else the 
wvcir -Peels like sewing. ^ this 
optical pairt URL is 

left out, most web wvm Will 
look ^ by dc-fauli 


?>ro{x)to \： Tells the 

whidh dorhmuhidatiohs 
p\ro*todol fih this tasc 
ttTTP) will be used. 


Sr ， 


潑 Isa 

? ° V \ 





http://www.wickedlysmart.com:8 0/beeradvice/select/beer1.html 


TliC u^i<^uc o-P 
七 he physical sc\rvcv you Ye lookmg 
•fov. This maps *to d unique 
IP addv-css. |P addresses av-e 

r>urwCV"ifi. and "tclkc "the -fovrw 认乂乂乂 . 

yyy.izz-aaa” cav\ spedi-fy av\ 

IP dddv^ess hcv*c ms^tedd o( d scv*vcv- 
bui a scv-vc\r is a lot 
casic\r -fco \rcrwcmbcv*. 


PartVv TV^c {p Uaho^ 

ov,^C 州 ％ d 』 

b 蚵 jested. Bedause 

UW, IXW q 山乂 ， “WUscd ^ 
acs6V.be dwW/ WwaaWs 

OV\ -tV^C SCV-VCV. 


N °i she, 


Z S ^OV/ h： 

九 ^/ 【 w 。 

二 i “ t 汔穴仏 3 

^ r^eic^ / ； wiih 
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intro and architecture 



Well-known TCP port numbers 
for common server applications 


A TCP port is just a number 

A 16-bit number that identifies a 
specific software program on the 
server hardware. 


Your internet web (HTTP) server software runs on port 
80. That’s a standard. If you’ve got a Telnet server, it’s 
running on port 23. FTP? 21. POP3 mail server? 110. 
SMTP? 25. The Time server sits at 37. Think of ports as 
unique identifiers. A port represents a logical connection 
to a particular piece of software running on the server 
hardware. That’s it. You can’t spin your hardware box 
around and find a TCP port. For one thing, you have 
65536 of them on a server (0 to 65535). For another, 
they do not represent a place to plug in physical devices. 
They’re just numbers representing a server application. 

Without port numbers, the server would have no way of 
knowing which application a client wanted to connect to. 
And since each application might have its own unique 
protocol, think of the trouble you’d have without these 
identifiers. What if your web browser, for example, landed 
at the POP3 mail server instead of the HTTP server? The 
mail server won’t know how to parse an HTTP request! 
And even if it did, the POP3 server doesn’t know anything 
about serving back an HTML page. 

If you’re writing services (server programs) to run on a 
company network, you should check with the sys-admins 
to find out which ports are already taken. Your sys-admins 
might tell you, for example, that you can’t use any port 
number below, say, 3000. 



Usmj oy\C sc\rvcv- app pc\r po\rt, d sc\rvcv 
da 的 have up *to 厶厶 scv-vcv- 


The TCP port numbers 
from o to 1023 are 
reserved for well - tnown 
services (including Ae 
Big One we care about- 
port 80). Don't use these 
ports fop your own 
custom server programs! 


you are here ► 
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web site directory 


Pircctory structure for a simple Apache web site 


We’ll talk more about Apache and Tomcat later, but for now let’s assume that our simple 
web site is using Apache (the extremely popular, open source web server you’re probably 
already using). What would the directory structure look like for a web site called www. 
wickedlysmart.com, hosting two applications, one giving skiing advice, and the other 
beer-related advice? Imagine that the Apache application is running on port 80. 

The .html pages are each marked with a letter (A, B, G, D) for the exercise on the 
opposite page. 


r — I 

[Apache home | 

i 


is "the default 
七 ha 七 will be 
*to a usev who keys 
W wv/wy/i£.kcdlysma\r*t.d.om/ 
m*to his browser. 


❹ 



^ scv-vcv- Will assume 

七 w -.s tKc 

*tV\c rooi W all o\ tnc 

scv'vc^s >wck 


T W root Wdcv 
W 一 M 心 


ov\ 

七 Wis SCV-VCV-. 




beerAdvice 


lndex.html 




lndex.html 


lndex.html 



_ dv, 々 ^PP/i^io h . 


TKc -foldcv-s -fov- 
i\\t kccv-Adv'itc 
app’s b*io ac-tio^s. 


o 




瓜 WT/VJL pay 似 

3 ives "the uw sor^e 
advice. 


22 


chapter 1 


selectBeer.html 




























intro and architecture 


f^^rpen your pencil 


Mapping URLs to content 


Look at the directory structure on the opposite page, then write in 
a URL that would get you to each of the four .html pages marked 
with the A, B, C, and D. We did the first one (A) for you, because 
that’s the kind of people we are. For the exercise, assume Apache is 
running on port 80. (The answers are at the bottom of the next page.) 



| ^ ► J | 0 J [ + 里 0 http://www.wickedlysma\rt dom 

o 

QQ Apple .Mac Amazon 圯 Bay Yahoo! IMcwst 



will cause the server to return to you the index.html page at location 



d r\ 

QP Apple .Mac Amazon eBay Yahoo! Mcwst 

will cause the server to return to you the index.html page at location 



- - 


ni n. ^ 

< 1 0 rn e 

PP Apple .Mac Amazon eBay Yahoo! IMcwst 

will cause the server to return to you the index.html page at location 





_ in 。 




i 

0 

3 © 

Q| 


QP Apple .Mac Amazon eBay Yahoo! Mcwst 



will cause the server to return to you the selectBeer.html page at location 
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static pages 


Web servers love serving 
static web pages 


This is what I do. 

Ask me for a page, I find it, 
and I hand it back. With a few 
headers. But thafs it. Do NOT 
ask me to, like, do anything 
to the page. 


A stage page just sits tee in a 
directory. The server finds it and 
hands it back to the client as is. 
Every client sees 也 e same 


Q 



<html> 

<head> 




<head> 

</head> 



<html> 

<head> 

</head> 

<body> 






<html> 

D| 

<head> 

</head> 


<body> 


</body> 

</html> 



TV^csc 50 s^ra—t 

just 

W 出 7 as *^7 从代 


web server 
machine 


But what if I want, say, the 
current time to show up on 
my page? What if I want a page 
that has something dynamic? 
Can’t I have something like a 
variable inside my HTML? 



<html> 

<body> 

The current time is 
</body> 

</html> 


\A^at 』从一 七 ^ 

somctWw vadaWe 
如 HTML 啊？ 



[insertTimeOnServer]. 



|UUJL| - J00aJO0|0S/JO0|0S/9O!ApVJ98q/lJUOO'lJBlJUSA|p0>jO!M-MMM -Q 

/0O!ApVJ99q/LUOOlJBLUSA|p8>|O!M - MMM-O 

/0O!APV6UN>|S/lJUOO - VIBlJUSA|p0>jO!M-MMM-a 

:e6ed sno|A8jd luojj sjsmsuv 
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intro and architecture 


Put sometimes you need more 
thaw just the web server 


O 


rm a web server 
application. I SERVE things. I 
don’t do computation on the things 
I serve. But... I know a real nice 
program on the same machine 
that CAN help you out. 

D 



That*s not a problem, 
ril take care of getting the 
request to the right helper app, then 
ril take that app*s response and send 
it back to the client. In fact, the 
client never needs to know that 
someone else did some 
O k of the work. 



web server 
application 


But how does that help? 

My clients are all web clients. 
The browser knows only about the 
web server... so it won’t be able 
to call that other application. 



another application 
on the server 


you are here ► 
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when a web server isn’t enough 


Two things the web server alone wow't do 

If you need just-in-time pages (dynamically-created pages that don’t 
exist before the request) and the ability to write/save data on the 
server (which means writing to a file or database), you can’t rely on 
the web server alone. 


1 Dynamic content 

The web server application serves only static pages, but a separate 
“helper” application that the web server can communicate with 
can build non-static, just-in-time pages. A dynamic page could 
be anything from a catalog to a weblog or even just a page that 
randomly chooses pictures to display. 


When instead of this: 


<html> 

<body> 

The current time is 
always 4:20 PM 
on the server 
</body> 

</html> 


You want this: 


<html> 

<body> 

The current time is 

[insertTimeOnServer] 

on the server 
</body> 

</html> 


Just-in-^iine pages don’t exist 
before ilie request comes in. 
It’S like making an HTML 
page out of iliinair. 

The request comes in, ^ie 
helper app “writes” flie 
HTML, and ^ie web Server 
gets it back to ike client. 


2 Saving data on the server 

When the user submits data in a form, the web server sees the form 
data and thinks, “So? Like I care?’’. To process that form data, 
either to save it to a file or database or even just to use it to generate 
the response page, you need another app. When the web server sees 
a request for a helper app, the web server assumes that parameters 
are meant for that app. So the web server hands over the parameters, 
and gives the app a way to generate a response to the client. 
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The wow-Java term fora web server 
helper app is "Cftr program 

Most CGI programs are written as Perl scripts, but many 
other languages can work including G, Python, and PHP. 
(CGI stands for Common Gateway Interface, and we don’t 
care why it’s called that.) 

Using CGI, here’s how it might work for a dynamic web page 
that has the current server date. 


① 



User clicks a link that has a URL 
to a CGI program instead of a 
static page. 


② 



紅 h u rr\^ 

Client 


web server machine 



web server 
app 



params 


helper app 



Web server application “sees” that 
the request is for a helper program, 
so the web server launches and 
runs the program. The web server 
app sends along any parameters 
from a GET or POST. 


③ 

Client 



web server machine 





web server 
app 


<html> 

<head> 

</head> 

4 


<body> 


</body> 

</html> 






helper app 


The helper app constructs the 
brand new page (that has the 
current date inserted) and sends 
the HTML back to the server. 

As far as the web server is 
concerned, the HTML from the 
helper app is a static page. 



The helper application is shut 
down, and the client gets back an 
HTML page that has the current 
date as part of its now-static 
content. 


you are here ► 
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two sides, CGI and Servlets 


Servlets and CW both play the role of a 
helper app m the web server 


Listen in as our two black belts discuss the pros 
and cons of CGI and Servlets. 


CGI 



Servlets 


CGI is better than Servlets. We write CGI scripts in 
Perl at our shop, because everybody knows Perl. 

I guess that’s fine if you use Java, since you know it. 
But it’s certainly not worth it for us to switch to Java. 
There’s no advantage. 

You challenge me? On what grounds? 


This is no different from Java... what do you 
callthe JVM? Is not every instance of the JVM a 
heavy-weight process? 


I see you have forgotten much. Web servers now are 
able to keep a single Perl program running between 
client requests. So the additional overhead argument 
is worthless. 


What are you talking about? Any G ORBA-compliant 
thing can be a J2EE client. 


Stop — I’m late for my Pilates class. But this is not 
over. We’ll have to finish it later. 


I doubt everybody knows Perl. I like Perl, but we’re all 
Java programmers in our shop so we prefer Java. 

With much respect, master, there are many 
advantages to using Java over Perl for the things you 
want to do with CGI. 

Performance, for one thing. With Perl, the server has 
to launch a heavy-weight process for each and every 
request for that resource! 

Ah, yes, but you see Servlets stay loaded and client 
requests for a Servlet resource are handled as separate 
threads of a single running Servlet. There’s no 
overhead of starting the JVM, loading the class, and 
all that... 


I have not forgotten, master. But it is not all web 
servers that can do that. You are talking about a 
special case which does not apply to all Perl CGI 
programs. But Servlets will always be more efficient in 
that way. And let’s not forget that a Servlet can be a 
J2EE client, while a Perl CGI program cannot. 

I do not mean a client to a J2EE program, I mean a 
client that is J2EE. A Servlet running in a J2EE web 
container can participate in security and transactions 
right along with enterprise beans and there are — 

to be continued … 
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c^^rpen your pencil 

Request 

Response 

Fill in the boxes with 
a description of what 
happens during that step 
in the process. This is a 
duplicate of page 18, so 
when you're finished, 
flip back to that page to 
compare your answers. 



rs rs 

r\ 



| O + 0 http://www.wickedlysmart.com/test1/Beer1.html 


CD 

Apple -Mac Amazon eBay Yahoo! News ▼ 



GET /testl/Beerl.html HTTP/1.1 

Host ； www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh... 


Beerl.html 


Server 



HTTP/1.1 200 OK 
Set-Cookie:... 

<html><body> 

<h1 align=center>Beer Login Page</h1> 
<form> 

Select a beer type or buy beer... 


<htmlxbody> 

<hl align=center>Beer Login Page</hl> 
<form> 

Select a beer type or buy beer 
making supplies?<p> 

〈input type=radio name=select 
value=Select> Select a beer<br> 
〈input type=radio name=select 

value=Buy> Buy supplies<br><br> 
<center> 

<input type=SUBMIT> 

</center> 

</form> 

</body></html> 


r% r'H 

m * | a } 

_—— 


QQ Apple 




*rOlrwjir 


Client 


Beer Login Page 


s 


St: Itrtl u bcti iypn nr bu> beer 

Q Se'U'ci a Iwr 
I Buiy jvupptk B }> 


looks 

io a 

咖础 o h . 


Submit 
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quickie look at servlets 


Servlets Pemystified (write, deploy, ruw) 


Just so those new to servlets can stop holding their breath, here’s a quick 
guide to writing, deploying, and running a servlet. This might create more 
questions than it answers — don’t panic, you don’t have to do this right 
now. It’s just a quick demonstration for those who can’t wait. The next 
chapter includes a more thorough tutorial. 

o Build this directory tree (somewhere not under tomcat). —- 




Write a servlet named ChlServlet.java and put it in the src directory (to 
keep this example simple, we aren’t putting the servlet in a package, but 
after this, all other servlet examples in the book will be in packages). 





Servlet { 


<webapp> 

doGet( 



} 


</webapp> 


Chi Servlet-java web.xml 


import javax.servlet.*; 
import j avax.servlet.http.*; 
import java.io.*; 

public class ChlServlet extends HttpServlet { 

public void doGet(HttpServletRequest request, 

HttpServletResponse response) 
throws 工 OException { 


S-ta^doivd sc\rvlct 

will be abou i ^OO pages 
dcs^vibihj this stu-ff). 


PrintWriter out = response.getWriter(); 
java.util.Date today = new java.util.Date(); 
out. print In (''<html> '' + 

''<body >〃 + 

''<hl align=center>HF\ A s Chapterl Servlet</hl >〃 
+ 、 '<br>’’ + today + 、 '</body>’’ + 、 '</html >’’）； 


Srr- 


Vt\ 3 

o\s \o^ 



Create a deployment descriptor (DD) named web.xml, put it 
in the etc directory 

<?xml version= 〃 l•0 〃 encoding= 〃 ISO-8851-l 〃 ?> 

<web-app xmlns=’’http : //j ava . sun . com/xml/ns/ j 2ee" 

xmlns : xsi=’’http : / /www. w3 . org/2001/XMLSchema-instance’’ 
xsi : schemaLocation=’’http : //j ava . sun . com/xml/ns / j 2ee 
http : //java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 
version= 〃 2•4〃> 

<servlet> 

<servlet-name>Chapterl Servlet</ servlet-name> 
<servlet-class>ChlServlet</servlet-class> 

</servlet> 


<servlet-mapping 〉 

<servlet-name>Chapterl Servlet</ servlet-name> 
<url-pattern>/ Servl</ url-pattern> 

</servlet-mapping> 

</web-app> 


扣 d 加一 7 一士， 

> element ^ 

「 vlct - tlass> W Java Mass. 

•1 一 ? k 如广 c 心 

IaSCS -foV" tV'C VC^CS 
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0010 

1100 

0001 

0101 


Build this directory tree under the existing tomcat directory. 



From the projectl directory, compile the servlet... 

% javac -classpath / your path/tomcat/common/lib/ 
servlet-api.jar -d classes src/ChiServlet.java 

(This is dll o 灼 c ) 

(the ChlServlet.class file will end up in projectl/classes) 


Copy the ChlServlet.class file to WEB-INF/classes, and copy 
the web.xml file to WEB-INF. 

From the tomcat directory, start Tomcat... 

%bin/startup.sh 




Launch your browser and type in: 

http :// localhost : 8080/chi/Servl 

it should display: 


㈣ 


web.xml 


ChlServlet.class 


。 http://localhost:8080/chi/Servl 

f~] [ C~] [ + ] 0 http://localhost:80 ^ Google' 


PP Apple .Mac Amazon eBay Yahoo! 


HF’s Chapter 1 Servlet 



Tue April 10 16:20:01 MST 200# 


★r date ㈣ 崎，， 


For now, every time you update either a servlet class or the 
deployment descriptor, shutdown Tomcat: 


<webapp> 

</webapp> 


1 1 1 o 
X o o 1 1 
^ o o o 1 
o 1 o o 


%bin/shutdown.sh 


you are here ► 
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HTML in a printing sucks 


No offense here, 
but there's something 
SERIOUSLY wrong with this 
servlets picture... trying to stuff 
HTML inside a printlnQ?? That 
can’t be right... 






out • println ('' 

''<body> j 


c ' t，sr 


st 代 a, 


l <hl>Skyler \ r s Login Page</hl>’’ + 

‘<br >〃 + today + 

‘</body>’’ + 

Actually, trying to format HTML inside a 
servlefs out.printlw() pretty much sucks. 

This is one of the worst parts (no, the worst 
part) of servlets. Stuffing properly formatted 
HTML tags into the println(), just so that you 
can insert variables and method calls, is just 
brutal. Don’t even think about doing anything 
the least bit sophisticated. 


^JiereiEirejiP 

Dumb Questions 


0： 

It can’t be that bad... why can’t ■ just copy a 
whole page of HTML from my web page editor, like 
Dreamweaver, and paste it into the println(). It’s 
not like I have to be able to read the code in there. 


A • 

Obviously, you haven’t tried this yet. It sounds 
good. Yes. I’ll just make my page in a decent web 
page editor (or even a simple text file would be 
easier than in my Java code) and then a quick copy 
and paste into the println() and voila! 

Except you get about 1,378 compiler errors. 

Remember, you can’t have a carriage return (a real 
one) inside a String literal. And while we’re talking 
about Strings... what about all your HTML that has 
double-quote marks in it? 
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Oh if only there were a 
way to put Java inside an 
HTML page instead of putting 
HTML inside a Java class. 



She doesn't know about JSP 


<html> 

<body> 

<hl>Skyler /， s Login Page</hl> 
<br> 


<%= new java.util.Date() %> 

</body> 

</html> 



— 

skylerlogin.jsp 


WW>a! TW»s looks \»kc 


A JSP page looks just like an HTML page, except you 
can put Java and Java-related things inside the page. 

So it really is like inserting a variable into your HTML. 


you are here ► 
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Java meets HTML = JSP 


JSP is what happened when somebody 
introduced Java to HTML 

Putting Java into HTML is a solution for two issues: 


1 Not all HTML page designers 
know Java 

App developers know Java. Web page designers know 
HTML. With JSP, Java developers can do Java, and HTML 
developers can do web pages. 


2 Formatting HTML into a String 
literal is REALLY ugly 


Putting even marginally complex HTML into the argument to 
a println() is a compiler error waiting to happen. You might 
have to do a ton of work to get the HTML formatted properly 
in a way that still works in the client’s browser, yet satisfies 
Java rules for what’s allowed in a String literal. You can’t have 
carriage returns, for example, yet most of the HTML you’ll 
pull from a web page editor will have real carriage returns in 
the source. Quotes can be a problem too — a lot of HTML 
tags use quotes around attribute values, for example. And you 
know what happens when the compiler sees a double quote... it 
thinks, “This must be the end of the String literal.’’ Sure, you 
can go back and replace each of your double quotes with escape 
codes... but it all gets insanely error prone. 





Wait... there’s still something wrong here! Benefit number 
one says "Not all page designers know Java."” but the HTML page 
designer still has to write Java inside the JSP page!! JSP lets the Java 
programmer off the hook for writing HTML, but it doesn’t really help 
the HTML designer. It might be easier to write HTML in a JSP rather 
than in a println(), but the HTML developer still has to know Java. 


A ! 

Looks that way, doesn't it? But with the new JSP spec, and by 
following best practices, the page designer should be putting very 
little (or no) real Java into a JSP. They do have to learn something... but 
it’s more like putting in labels that call real Java methods rather than 
embedding the actual Java code into the page itself. They have to learn 
JSP syntax, but not the Java language. 
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— BULLET POINTS _ 

■ HTTP stands for Hypertext Transfer Protocol, and is the network protocol used on 
the Web. It runs on top of TCP/IP. 

■ HTTP uses a request/response model—the client makes an HTTP request, and the 
web server gives back an HTTP response that the browser then figures out how to 
handle (depending on the content type of the response). 

■ If the response from the server is an HTML page, the HTML is added to the HTTP 
response. 

■ An HTTP request includes the request URL (the resource the client is trying to ac¬ 
cess), the HTTP method (GET, POST, etc.), and (optionally) form parameter data 
(also called the “query string”). 

■ An HTTP response includes a status code, the content-type (also known as MIME 
type), and the actual content of the response (HTML, image, etc.) 

■ A GET request appends form data to the end of the URL 

■ A POST request includes form data in the body of the request. 

■ A MIME type tells the browser what kind of data the browser is about to receive so 
that the browser will know what to do with it (render the HTML, display the graphic, 
play the music, etc.) 

■ URL stands for Uniform Resource Locator. Every resource on the web has its own 
unique address in this format. It starts with a protocol, followed by the server name, 
an optional port number, and usually a specific path and resource name. It can also 
include an optional query string, if the URL is for a GET request. 

■ Web servers are good at serving static HTML pages, but if you need dynamically- 
generated data in the page (the current time, for example), you need some kind of 
helper app that can work with the server. The non-Java term for these helper apps 
(most often written in Perl) is CGI (which stands for Common Gateway Interface). 

■ Putting HTML inside a println() statement is ugly and error-prone, but JSPs solve 
that problem by letting you put Java into an HTML page rather than putting HTML 
into Java code. 


you are here ► 
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2 - level overview 


Web App Architecture 



Servlets need help. When a request comes in, somebody has to 
instantiate the servlet or at least make a new thread to handle the request. 
Somebody has to call the servlet's doPost() or doGet() method. And, oh yes, 
those methods have crucial arguments — the HTTP request and HTTP response 
objects. Somebody has to get the request and the response to the servlet. 
Somebody has to manage the life, death, and resources of the servlet. That 
somebody is the web Container. In this chapter, we’ll look at how your web 
application runs in the Container, and well take a first look at the structure of a 
web app using the Model View Controller (MVC) design pattern. 


this is a new chapter 
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official Sun exam objectives 




High-level Web App Achitecture 


Coverage Notes: 


1.1 For each of the HTTP Methods (such as GET, 

POST, HEAD, and so on), describe the purpose of 
the method and the technical characteristics of the 
HTTP Method protocol, list triggers that might cause 
a client (usually a Web browser) to use the Method, 
and identify the HttpServlet method that corresponds 
to the HTTP Method. 

1 Describe the purpose and event sequence of the 

servlet life cycle: (1) servlet class loading, (2) servlet 
instantiation, (3) call the init method, (4) call the 
service method, and (5) call the destroy method. 

2.1 Construct the file and directory structure of a Web 
Application that may contain (a) static content, (b) 
JSP pages, (c) servlet classes, (d) the deployment 
descriptor, (e) tag libraries, (f) JAR files, and (g) Java 
class files; and describe how to protect resource files 
from HTTP access. 


All of the objectives in this section are covered 
completely in other chapters, so think of this 
chapter as a first-look foundation for what 
comes later. In other words, don’t worry 
about finishing this chapter knowing (and 
remembering) anything specific from these 
objectives. 

You won’t have any mock exam questions on 
these topics until you get to the more specific 
chapter where those topics are covered. 

Enjoy this nice, simple, background material 
while you can! 

BUT...you do need to know this stuff before 
moving on. If you already have some servlet 
experience, you can probably just skim the 
pages, look at the pictures, do the exercises, and 
move on to chapter 3. 


2.2 Describe the purpose and semantics for each of 
the following deployment descriptor elements: 
servlet instance, servlet name, servlet class, servlet 
initialization parameters, and URL to named servlet 
mapping. 
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What is a Cowtamcr? 

Servlets don’t have a main() method. 
They’re under the control of another Java 
application called a Container. 


Tomcat is an example of a Container. When your web server 
application (like Apache) gets a request for a servlet (as 
opposed to, say, a plain old static HTML page), the server 
hands the request not to the servlet itself, but to the Container 
in which the servlet is deployed. It’s the Container that gives the 
servlet the HTTP request and response, and it’s the Container 
that calls the servlet’s methods (like doPostQ or doGetQ). 



web server machine 





Web 


browser 




Client 





response 


web server 
app 


<html> 


<head> 

</head> 


<body> 


</body> 

</html> 




web 

Container 

app 


<html> 

4 

</head> 


<body> 


</body> 

</html> 



"^servlet 
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life without servlets 


What if you had Java, but wo 
servlets or Cowtamers? 


What if you had to write a Java program to 
handle dynamic requests that come to a web 
server application (like Apache) but without a 
Container like Tomcat? In other words, imagine 
there’s no such thing as servlets, and all you have 
are the core J2SE libraries? (Of course, you can 
assume you have the capability 
of configuring the web server 
application so that it can invoke 
your Java application.) It’s OK if 
you don’t yet know much about 
what the Container does. Just 
imagine you need server-side 
support for a web application, and 
all you have is plain old Java. 


A true warrior would not 
use a Container. He would 
write everything using only 
J2SE and his bare hands. 


I 


List some of the functions you would have to implement in 
a J2SE application if no Container existed: 


来 Cv-c3*tc B socket sc\rvc\r, d\rca*tc d lis*tc^C\r -fo\r socket 


如 ireui Ajoui^ui - ^joddns s§u 叩 joj 

inoq 它 Moq ^uriD^s ^u^ui^duii p 它它 : sj^msto ^{qissoj 
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What does the Cowtamcr give you? 

We know that it’s the Container that manages and runs the 
servlet, but why? Is it worth the extra overhead? 


Communications support 


The container 


provides an easy way for your servlets to talk to your web 
server. You don’t have to build a ServerSocket, listen 
on a port, create streams, etc. The Container knows the 
protocol between the web server and itself, so that your 
servlet doesn’t have to worry about an API between, say, 
the Apache web server and your own web application 
code. All you have to worry about is your own business 
logic that goes in your Servlet (like accepting an order 
from your online store). 


Lifecycle Management 


The Container 


controls the life and death of your servlets. It 
takes care of loading the classes, instantiating and 
initializing the servlets, invoking the servlet methods, 
and making servlet instances eligible for garbage 
collection. With the Container in control, j ⑽ don’t 
have to worry as much about resource management. 


Multithreading Support 


The Container 


automatically creates a new Java thread for every servlet 
request it receives. When the servlet’s done running 
the HTTP service method for that client’s request, the 
thread completes (i.e. dies). This doesn’t mean you’re 
off the hook for thread safety — you can still run into 
synchronization issues. But having the server create and 
manage threads for multiple requests still saves you a lot 


of work. 


Declarative Security 


With a Container, you 
get to use an XML deployment descriptor to configure 
(and modify) security without having to hard-code it 
into your servlet (or any other) class code. Think about 
that! You can manage and change your security without 
touching and recompiling your Java source files. 


JSP Support 


You already know how cool JSPs are. 
Well, who do you think takes care of translating that JSP 
code into real Java? Of course. The Container. 


Thanfe to the Container, 
YOU get to concentrate more 
on your own business logic 
instead of worrying about 
writing code for dreading, 
Securif^, and networking. 

You get to focus all your 
energy on making a fabulous 
online bubble wr^ Store, 
and leave the underlying 
services like security and 
JSP processing up to the 
container. 

Now all I have to worry 
、 about is how to sell my scratch-n- 
/ sniff bubble wrap, instead of having 
to write all that code for the ( 
things the Containers gonna ) 
do for me... a 一 / 

O 

o 



you are here ► 


41 













the Container 


How the Container handles a request 

We’ll save some of the juicier bits for later in the book, but 
here’s a quick look: 


① 


HTTP request 


CZ) 

servlet 





User clicks a link that has a 
URL to a servlet instead of a 
static page. 


② 

Client 




The container “sees” that the 
request is for a servlet, so the 
container creates two objects: 

1) HttpServletResponse 

2) HttpServletRequest 


③ 



/Himrr\Q 

Client 





The container finds the correct 
servlet based on the URL in the 
request, creates or allocates 
a thread for that request, and 
passes the request and response 
objects to the servlet thread. 
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④ 



/riiiiirr\Q 

Client 



The container calls the servlet’s 
service() method. Depending on 
the type of request, the service 。 
method calls either the doGet() or 
doPost() method. 

For this example, we’ll assume the 
request was an HTTP GET. 


⑤ 

Client 




The doGet() method generates 
the dynamic page and stuffs the 
page into the response object. 
Remember, the container still 
has a reference to the response 
object! 


⑥ 



The thread completes, the 
container converts the response 
object into an HTTP response, 
sends it back to the client, then 
deletes the request and response 
objects. 


you are here ► 
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serWef code 


How it looks in code (what makes 
a servlet a servlet) 


U v-cal v/ov-ld, W% d all 
scvvlc*b ovcv-v-'idc c'l-tV^cv- *tKc doqctC-/ 
ov- doPos*tO method- 


import j avax.servlet.*; 
import j avax . seervlet. http . * 
import j ava.io. 






^ ih ° ww 

Th : sc ^ l^yd, 
sllcd h y ^ Co^ ihc ,. 


public class Ch2Servlet extends HttpServlet { 

public void doGet (HttpServletRequest request, 

HttpServletResponse response)- 
throws 工 OException { 


This is v/hcv-c youv scv-vlc*t jets 
V"C-(*CVC^dCS *to v-c^ucs*t a^d vcspo^sc 

objcd*U wiVidh do^*tamcv* dv*ca*tcs. 


PrintWriter out —— response.getWriter(); 

j ava.util.Date today = new j ava.util.Date(); 
out. println ( 、 '<html> 

、 '<body >〃 + 

、'<hl style= 〃 text-align : center >〃 + 
''HF \' s Chapter2 Servlet</hl >〃 + 
、 '<br>’’ + today + 

、 '</body>’’ + 

、 '</html>"); 



You yi a P^mWn-tcv W 

七 he vcspoir\sc obje 乙七 Y ou，r scv " v ^ c ^ 
-(*vow\ *bKc Coy\*t3ty\CV"* IXsc 
七 he "to ttTML 

it%i bo *tV^c ^rcsfohsc object 
y 七 o*tV^cv- ou*t^*b 

o ? t.o^s, besides PrmWnW, U 

say, a mstcad of 

HTML tc 此） 


rjJiereiare^P o 

Dumb c^uestipns 


0 : 

I remember seeing doGetf) and doPostf), 
but on the previous page, you show a servicef) 
method? Where did the servicef) method come 
from? 


A: 


Your servlet inherited it from HttpServlet, 


which inherited it from GenericServlet which 
inherited it from... ahhh, we’ll do class hierarchies 


to death in the Being a Servlet chapter, so you just 
need a little more patience. 


0： 

You wimped out on explaining how the 
container found the correct servlet... like, how 
does a URL relate to a servlet? Does the user have 
to type in the exact path and class file name of 
the servlet? 


A I 

No. Good question, though. But it points 
to a Really Big Topic (servlet mapping and URL pat¬ 
terns), so we’ll take only a quick look on the next 
few pages, but go into much more detail later in 
the book (in the Deployment chapter). 
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You're wondering how the Cowtamcr 
found the Servlet... 

Somehow, the URL that comes in as part of the request from the 
client is mapped to a specific servlet on the server. This mapping 
of URLs to servlets might be handled in a number of different 
ways, and it’s one of the most fundamental issues you’ll face as 
a web app developer. The user request must map to a particular 
servlet, and it’s up to you to understand and (usually) configure 
that mapping. What do you think? 

FLEX YOUR MIHP 

How should the Container map 
servlets to URLs? 

The user does something in the browser (clicks a link, hits the “Submit” 
button, enters a URL, etc.) and that something is supposed to send 
the request to a specific servlet (or other web app resource like a 
JSP) you built. How might that happen? 

For each of the following approaches, think about the pros and cons. 

(T) Hardcode the mapping into your HTML page. In other words, the 
client is using the exact path and file (class) name of the servlet 

PROS: 

CONS: 

(2) Use your Container vendor’s tool to do the mapping: 

PROS: 

CONS: 

( 3 ) Use some sort of properties table to store the mappings: 

PROS: 


CONS: 


mapping URLS to servlets 


A servlet caw have THREE names 


A servlet has a file path name, obviously, like classes/registration/ 
SignUpServlet.class (a path to an actual class file). The original 
developer of the servlet class chose the class name (and the package 
name that defines part of the directory structure), and the location on 
the server defines the full path name. But anyone who deploys 
the servlet can also give it a special deployment name. A deployment 
name is simply a secret internal name that doesn’t have to be the same 
as the class or file name. It can be the same as the servlet class name 
(registration. SignUpServlet) or the relative path to the class file 
(classes/registration/SignUpServlet.class), but it can also be something 
completely different (like EnrollServlet). 


Finally, the servlet has a public URL name — the name the client knows 
about. In other words, the name coded into the HTML so that when 
the user clicks a link that’s supposed to go to that servlet, this public 
URL name is sent to the server in the HTTP request. 


① 



Client-known URL name 



Deployer-known 
secret internal name 


The client sees a URL for the 
servlet (in the HTML), but doesn't 
really know how that servlet name 
maps to real directories and files 
back on the server. The public URL 
name is a fake name, made up for 
clients. 


The deployer can create a name 
that’s known only to the deployer 
and others in the real operational 
environment. This name, too, is a 
fake name, made up just for the 
deployment of the servlet. It doesn’t 
have to match the public URL used 
by the client, OR the real file and 
path name of the servlet class. 



Actual file name 


The developers servlet class 
has a fully-qualified name that 
includes both the class name and 
the package name. The servlet 
class file has a real path and file 
name, depending on where the 
package directory structure 
lives on the server. 
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Well Isn't that special how everyone 
gets to express their creativity and 
come up with their very own name for 
the same darn thing. But whafs the point!? 
Really? Why don't we all just use the 
one, real, non-confusing file name? 



Mapping servlet names 
improves your app’s flexibility 
and security. 

Think about it. 

So you’ve hard-coded the real path and 
file name into all the JSPs and other 
HTML pages that use that servlet. 

Great. Now what happens when you 
need to reorganize your application, 
and possibly move things into different 
directory structures? Do you really want 
to force everyone who uses that servlet to 
know (and forever follow) that same directory 


structure? 


By mapping the name instead of coding 
in the real file and path name, you 
have the flexibility to move things 
around without having the maintenance 
nightmare of tracking down and 
changing client code that refers to the 
old location of the servlet files. 


And what about security? Do you really 
want the client to know exactly how 
things are structured on your server? 

Do you want them to, say, attempt to 
navigate directly to the servlet without 
going through the right pages or forms? 
Because if the end-user can see the real 
path, she can type it into her browser 
and try to access it directly. 


you are here ► 
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Usmg the Pcploymcwt Pescriptor to map URLs to servlets 

When you deploy your servlet into your web Container, you’ll create a fairly simple XML 
document called the Deployment Descriptor (DD) to tell the Container how to run your 
servlets and JSPs. Although you’ll use the DD for more than just mapping names, you’ll use two 
XML elements to map URLs to servlets — one to map the client-known public URL name to your 
own internal name, and the other to map your own internal name to a fully-qualified class name. 


The two DD elements for URL mapping: 


① 


② 


<servlet> 

maps internal name to fully-qualified class name 

<servlet-mapping> 

maps internal name to public URL name 

• a UO 丁一 代从 洗 


TW\s y/cb a\>\> V^as tv/o 
scwlcts. 


\ 





<web-app 


> 


TV^c <scv-vlc*t> element 
七 ells Co\r\*ta'mc\r 
y/WA dass -files belong 
•to a par 七 I 乙 ulav" >wcb 


ior\. 


j\,t <scwlct-^amc> clef’s used *to 
七 ie a <scvvlc*b> clc^c^t *to * 

⑽士 七 - ， • 呼卜 n 一 

usev ^ ^ 

oy,l7 rn o-tv^cv ?av*ts ok tv^c vv^ 


广 



<servlet> 

<servlet-name>Internal name 1</ servlet-name> p ^ 

<servlet-class>foo. Servletl</ servlet-class> \J v>VAt ^ 

doA add 

; 匕 r V 丄匕 L / 6 3SS w \ ) 

<servlet-name >Internal name 2</ servlet-name> 

<servlet-class>foo. Servlet2</ servlet-class> 

</servlet> 


</servlet> 


<servlet> 


TVmk d 七 
<scv-vlc*t-w'afp'm 5 > elemerrb 
as y/ha 七七 he Cor\*ta'mc\r uses 

Hornes "to ask ， 
servlet should I invoke *fov 
-tiiis v-c^cs-tcd URL? > • 



<servlet-mapping 〉 

<servlet-name>Internal name 1</servlet-name> 
<url-pattern>/Publicl</url-pattern> 

</servlet-mapping> 1^. — . » . i n _ 一 


TWis is 4a 七七 sees (av^d uses) b> 

act -to tKc soviet- a 

ke tU: is WT thaw oUk actual 

scv-vlc*t class. 


<servlet-mapping> 

<servlet-name>Internal name 2</ servlet-name> 
<url-pattern>/Public2</url-pattern> 

</servlet-mapping> 

P^iblc io use wild^vds i h 

</web ~ app> <u,l- P atW C I C ^, 

° h 诎鈍 and paihs \ai^. 
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Put wait! There's more you 
caw do with the VV 


Besides mapping URLs to actual servlets, you can 
use the DD to customize other aspects of your web 
application including security roles, error pages, 
tag libraries, initial configuration information, and 
if it’s a full J2EE server, you can even declare that 
you’ll be accessing specific enterprise javabeans. 

Don’t worry about the details yet. The crucial 
point for now is that the DD gives you a way to 
declaratively modify your application without 
changing source code! 

Think about this... it means that even those who 
aren’t Java programmers can customize your Java 
web application without having to drag you back 
from your tropical vacation. 


^iiereiqrejio 

Dumb Questions 

I’m confused. Looking at the DD, you still don’t 
have anything that indicates the actual path name of 
the servlet! It just says the class name. This still doesn't 
answer the question of how the Container uses that 
class name to find a specific servlet class file. Is there 
yet ANOTHER mapping somewhere that says that such 
and such a class name maps to such and such a file in 
such and such a location? 


You noticed. You’re right that we put only the class 
name (fully-qualified to include the package name) into 
the <servlet-class> element. That’s because the Container 
has a specific place it will look for all servlets for which 
you’ve specified a mapping in the DD. 

In fact, the Container uses a sophisticated set of rules for 
finding a match between the URL that comes in from the 
client request and an actual Java class sitting somewhere 
on the server. But we’ll get into that in a later chapter (on 
Deployment). Right now, the key point to remember is 
that you can do this mapping. 


The deployment descr^tor (DD), 
provides a “declarative” uiechanisin 
for custoiniziiig your web applications 
wifliout towelling source code! 



— DD Benefits - 

■ Minimizes touching source code that 
has already been tested. 

■ Lets you fine-tune your app’s 
capabilities, even if you don’t have the 
source code. 

■ Lets you adapt your application to 
different resources (like databases), 
without having to recompile and test 
any code. 

■ Makes it easier for you to maintain 
dynamic security info like access 
control lists and security roles. 

■ Lets non-programmers modify and 
deploy your web applications while 
you can focus on the more interesting 
things. Like how appropriate your 
wardrobe isn’t for a trip to Hawaii. 


you are here ► 
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Soib’s matchmaking site 


Story: fob Guilds a Matchmaking Site 

Dating is tough today. Who has the time when there’s always another 
disk to defrag? Bob, who wants a piece of the dot-com action (what’s 
left of it, anyway), believes that creating a geek-specific dating site is 
his ticket out of the Dilbertian job he has now. 

The problem is, Bob’s been a software manager for so long that he’s, 
um, a little out of touch with contemporary software engineering 
practices. But he knows some buzzwords and some Java and he’s read 
a little about servlets, so he makes a quick design and starts to code... 


I want an Agile 
Dating site where 
geeks can meet and hook up. 
Because not everybody 
gets lucky at a Linux 
Installathon... 






] 回 I 


fittp:- - .#Lck«-dtp mart .■ 

^»f! Amuon Mu 



GeekDates 

78% of our transactions end in commit. 



Join 


Q DQL query 


Refactor my Profile 




Refactor 

Modify your profile: 


[profile here] 


(Improve it 〕 


Ii^ut your state 

Handle 


Age [ 


OS [ 


Attributes 

Exceptions 


Type declaration [ 


〔Insert 



ulskBir ■ iurf ■ ^¥£1,1 

1 ., !，. n . . r irr«-r 

w We p»rr 


Query 

Compose your Dating Query Language 
(D 叫 string here: [I ■' T T , U 

' . t I -i 


CHki.«PSr?, 
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high-level architecture 


He starts to build a bunch of servlets... 
one for each page 


He considered having just a single servlet, with a bunch of if 
tests, but decided that separate servlets would be more OO — each 
servlet should have one responsibility like the query page, the sign¬ 
up page, the search results page, etc. 

Each servlet will have all the business logic it needs to modify or 
read the database, and prints the HTML to the response stream 
back to the client. 

// import statements 

public class DatingServlet extends HttpServlet { 

public void doGet(HttpServletRequest request, 

HttpServletResponse response) 
throws 工 OException { 

// business logic goes here, depending 
// on what this servlet is supposed to do 
// (write to the database, do the query, etc.) 

PrintWriter out = response.getWriter(); 

// compose the dynamic HTML page 

out. println ( ''something really ugly goes here 〃）； 



web server machine 




101101 
101101 
10101000010 
1010 10 0 
01010 1 
1010101 
10101010 
1001010101 


InputDQLServlet 


101101 
101101 
10101000010 
1010 10 0 
01010 1 
1010101 
10101010 
1001010101 




DoDQLQueryServlet 


web 

server/container 


lonoi 


101101 

101101 


101101 

10101000010 


10101000010 

1010 10 0 


1010 10 0 

01010 1 


01010 1 

1010101 


1010101 

10101010 


10101010 

1001010101 


1001010101 





101101 
101101 
10101000010 
1010 10 0 
01010 1 
1010101 
10101010 
1001010101 


SignupServlet 





101101 
101101 
10101000010 
1010 10 0 
01010 1 
1010101 
10101010 
1001010101 




101101 
101101 
10101000010 
1010 10 0 
01010 1 
1010101 
10101010 
1001010101 


AcceptSignupServlet 


AcceptProfileChangesServlet 


MainPageServlet InputProfileChangesServlet 


TV scwlct docs 

do ^ ?vo^ss 

( '»kc mscvt or 
s 一 W database) 

i\,t HTTP 

All busmess \o^\t 

▽ay vcs^sc «s \v\s\dt t 
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Bob adds SPs 


Put thcw it gets ugly, so he adds JSPs 


Those pesky println() statements for the output response get really 
ugly，really quickly. So he reads up on JSPs and decides to have each 
servlet do whatever business logic it needs to do (query the database, 
insert or update a new record, etc.) then forward the request to a JSP to 
do the HTML for the response. This also separates the business logic 
from the presentation... and since he’s been reading up on design, he 
knows that separation of concerns is a Good Thing. 

// import statements 


This JSP design is much 
cooler. Now the servlet code is 
cleaner... each servlet runs its 
own business logic and then invokes a 
specific JSP to handle the HTML for 
the response, separating business 
logic from presentation. 


public class DatingServlet extends HttpServlet { 


public void doGet (HttpServletRequest request, 

HttpServletResponse response) 
throws 工 OException { 

// business logic goes here, depending 
// on what this servlet is supposed to do 
// (write to the database, do the query, etc.) 

// forward the request to a specific JSP page 
// instead of trying to print the HTML 
// to the output stream 






I 叩 utSignupJSP AcceptSignupJSP InputProfileChangesJSP AcceptProfileChangesJSP MainPageJSP 


I 叩 utDQLJSP DoDQLQueryJSP 



Client -fills out tKc D6JL 
^uevy -fovm and dlidks tKc 
w Do i*t W button. This sehds 

an http post request 

•fov 

TKc >wcb scv-vcv invokes 
七 lie scvv/lct, 七 he scvvlct 

vurvs -tKc <\ucvy oy\ tKc 

database ； -tKcn tKc 

vc'ucs 七 is -fovy/3vdcdi *to 

tKc afpvopriatc JSP. TKc 

J£P builds tKc ves^onse 
HTML sends i 七 badk. 
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high-level architecture 


Put then his friewd says, "You ARE 
using MVC, right?" ~ 

Kim wants to know if the dating service can be accessed from 
a Swing GUI application. Bob says, “No, I hadn’t thought of 
that.” So Kim says, “Well, it’s not a problem because I’m sure 
you used MVG, so we can just whip up a Swing GUI client 
that can access the business logic classes.” 

And Bob says, “Gulp.” 


What if you want 
to make a Swing GUI app 
for the dating service, and 
it uses the same business 
logic? 


And Kim says, “Don’t tell me... you did not use MVC?” 

And Bob says, “Well, I did separate out the presentation from 
the business logic...” 

Kim says, “That’s a start... but let me guess... your business 
logic is all inside servlets'.?’’ 

Bob realizes, suddenly, why he went into management. 

But he’s determined to do this right, so he asks Kim to give 
him a quick crash overview of MVG. 

With MVC the business logic is not only 
separate from the presentation... it doesn’t 
even know that there IS a presentation. 



The essence of MVG is that you separate the business logic from 
the presentation, but put something between them so that the 
business logic can stand on its own as a reusable Java class, and 
doesn’t have to know anything about the view. 

Bob was partly there, by separating out the business logic from 
the presentation, but his business logic still has an intimate 
connection to the view. In other words, he mixed the business logic 
into a servlet, and that means he can’t reuse his business logic for 
some other kind of view (like a Swing GUI or even a wireless 
app). His business logic is stuck in a servlet when it should be in a 
standalone Java class he can reuse! 
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MVC design pattern 


The Model-View-Cowtroller (MVC) 
Pesigw Pattern fixes this 

If Bob had understood the MVC design pattern, he would 
have known that the business logic shouldn’t be stuffed inside 
a servlet. He would have realized that with the business 
logic embedded in a servlet, he’d be screwed if he one day 
needed a different way to access the dating service. Like 
from a Swing GUI app. We’ll talk a lot more about MVC 
(and other patterns) later in the book, but you need a quick 
understanding now because the tutorial app we build at the 
end of this chapter uses MVC. 

If you’re already familiar with it, then you know that MVC 
is not specific to servlets and JSPs — the clean separation of 
business logic and presentation is just as valid in any other 
kind of application. But with web apps, it’s really important, 
because you should never assume that your business logic 
will be accessed only from the web! We’re sure you’ve worked 
in this business long enough to know the only guarantee in 
software development: the spec always changes. 


Model^View^Controller 
(MVC) takes Ae business 
logic out of Ae servlet, 
and puts it in a “JVLodel ”一 
a reusable plain old 
Java class. The Model 

is a combination of Ae 

business data (like Ae 
State of a Shopping Cart) 
and Ae (rules) 

that operate on Aat data. 


MVC in the Servlet & JSP world 

CONTROLLER 


VIEW 

Responsible for the 
presentation. It gets the 
state of the model from 
the Controller (although not 
directly; the Controller puts 
the model data in a place where 
the View can find it). IYs also 
the part that gets the user 
input that goes back to the 
Controller. 






Controller 


Takes user input from the request 
and figures out what it means to 
the model. 

Tells the model to update itself, 
and makes the new model state 
available for the view (the JSP). 


" 4 ^ 


MODEL 

Holds the real business logic and the 
state. In other words, it knows the 



rules for getting and updating the 
state. 

A Shopping CarYs contents (and the 
rules for what to do with it) would be 
part of the Model in MVC. 

TYs the only part of the system that 
talks to the database (although it 
probably uses another object for the 
actual DB communication, but we II 
save that pattern for later...) 
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high-level architecture 


Applying the MVC pattern to 
the matchmaking web app 


So, Bob knows what he has to do. Separate out 
the business logic from the servlets, and create a 
regular Java class for each one... to represent the 
Model. 

Then the original servlet will be the Controller, the 
new business logic class will be the Model, and the 
JSP will be the View. 




a 





InputSignupJSP AcceptSignupJSP 


InputProfileChangesJSP 


AcceptProfileChangesJSP MainPageJSP 


InputDQLJSP DoDQLQueryJSP 



you 
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yeah, but is this a good design? 


Put then his friend Kim takes a look 


Kim comes in and says that while it IS an MVG design, it’s a 
dumb one. Sure, the business logic has been pulled out into a 
Model, and the servlets act as the Controllers working between 
the Models and Views so that the Models can be brain-dead about 
the Views. That’s all good. But look at all those little servlets. 

What do they even do? Now that the business logic is safely tucked 
away in the Model, the servlet Controller isn’t doing much except 
some generic application stuff for this app, and, oh yeah, it does 
update the Model and then it kicks the View into gear. 

But the worst part is that all that generic application logic is 
duplicated in every single frickin’ servlet! If one thing needs to 
change, it has to change everywhere. A maintenance train wreck 
waiting to happen. 

“Yeah, I felt a little weird about the duplicate code,” says Bob, 

“but what else can I do? Surely you don’t mean for me to put 
everything in a single servlet again? How could that be good?” 


Come on... you don’t 
SERIOUSLY expect me 
to put it all back in one 
non-00 servlet... 


O 



What a completely lame 
design! Look at all the 
duplicate code in each servlet. 
You have to add the same overall 
application code, like security, in 
almost every servlet. 



56 


chapter 2 




high-level architecture 


Is there aw answer? 




FLEX YOUR MIND 



Leave this for you to ponder, we will. 

What do you think? Do you know the 
answer? IS there an answer? Would you 
agree with Bob, and leave the servlets 
as they are, or would you put the code 
into just one servlet Controller? And 
if you do use just one Controller for 
everything, how will the Controller 
know which Model and View to 
call? 


The answer to this question won’t 
come until the very end of the book, so 
think about this for a few moments, then 
put it in a mental background thread... 
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^^rpen your pencil 


① Using MVC in a servlet & JSP world, each 
of these three components (JSP, Java class, 
Servlet) plays one of the three MVC roles. Circle 
the “M”, the “V”， or the “C” depending on which 
MVC part that component plays. Circle only one 
letter per component. 



JSP 


M 

V 

C 



non-servlet 
Java class 


M 

V 

C 



Servlet 


M 

V 

C 


( 2 ) What do the letters MVC represent in the MVC 
design pattern? 

M stands for _ 

V stands for _ 

C stands for 


— BULLET POINTS_ 

■ The Container gives your web app 
communications support, lifecycle 
management, multithreading support, 
declarative security, and support for JSPs, 
so that you can concentrate on your own 
business logic. 

■ The Container creates a request and 
response object that servlets (and other parts 
of the web app) can use to get information 
about the request and send information to the 
client. 

■ A typical servlet is a class that extends 
HttpServlet and overrides one or more service 
methods that correspond to HTTP methods 
invoked by the browser (doGet() doPost(), 
etc.). 

■ The deployer can map a servlet class to a 
URL that the client can use to request that 
servlet. The name may have nothing to do 
with the actual class file name. 
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high-level architecture 


c^^Tpen your pencil Who's responsible? 

Fill in the table below, indicating whether the web server, the web container, or 
a servlet is most responsible for the task listed. In a few cases more than one 
answer may be true for a given task. For extra credit, add a brief comment 
describing the process. 


Task Web server Container Servlet 


Creates the request & response objects 




Calls the service() method 




Starts a new thread to handle requests 




Converts a response object to an HTTP 
response 




Knows HTTP 




Adds HTML to the response object 




Has a reference to the response objects 




Finds URLs in the DD 




Deletes the request and response objects 




Coordinates making dynamic content 




Manages lifecycles 




Has a name that matches the 
<servlet-class> element in the DD 
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servlet and DD exercise 



— Servlet 


Code Magnets 

A working servlet,and its DD are scrambled up on 
the fridge. Can you add the code snippets on the 
right to the incomplete listings on the left to make 
a working servlet and DD whose URL ends with 
/Dice? There might be some extra magnets on the 
right that you won’t use at all! 



throws 工 OException { 


String dl = 工 nteger•toString( (int) ((Math•random()*6)+1)); 

String d2 = 工 nteger•toString( (int) ((Math.random()*6)+1)); 

out. print In (''<html> <body >〃 + 

''<hl align=center>HF\ A s Chap 2 Dice Roller</hl >〃 + 
''<p >〃 + dl + '' and '' + d2 + '' were rolled” + 

、 '</body> </html >’’）； 




DD 



(Rcmcrwbcv-, is^*t domplrtc <v/cb-app> 

一一 a Complete example is a*t *thc o-f -this dhap-tev-. 
|*t doesn't 


: d*t *tKis e 乂 cWise.) 



</web-app> 
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high-level architecture 


Code Magnets, continued... 









HttpServletResponse response) 



[TdI^ ^ 



</servlet-class> 



HttpServletRequest request. 




<servlet-class> 
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responsibility exercise solution 


Exercise Solutions 


Task Web server Container Servlet 


Creates the request & response objects 


Jus-t bc-fovc s-tav-tmj 
the 


Calls the service。method 


scv-vidcO mrthod 

ta\\s Ao6\t\P ov- doPos*tO. 


Starts a new thread to handle requests 


Stav-b a scv-vlc*t tWcad. 


Converts a response object to an HTTP 
response 


今七 es *bhe HTTP 

vcspohsc s*brca 你 -fv-om *thc 

daxd \y\ v-cspo^sc objed-t- 


Knows HTTP 

Uses i*t *to -talk *to 

dicirrt b\rov/sc\r. 



Adds HTML to the response object 



The dy^a^id 匕 o>rrtci^t 
-fo\r *thc 

Has a reference to the response objects 


Co^tamcv- jives i*t 
scv-vlct 

Uses i*t *fco p\rm 七 
d \rcspo 灼 sc. 

Finds URLs in the DD 


To -f 'md CoYYtt^i 

scv-vlc*t -fo\r 七 he \rc<\ucst 


Deletes the request and response objects 


Or\tt 七 he sc\rvlc*t 
is -f mished. 


Coordinates making dynamic content 

^ov/s how *to -fo\r>wa\rdl 

^oy/s y/ho *to ddll- 


Manages lifecycles 


Calls scv-vi^c method 
o*thc\rs you’ll sec). 


Has a name that matches the 
<servlet-class> element in the DD 



publid dldss lVha*tcvc\r 
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high-level architecture 


Servlet 


Exercise Solutions, 
continued … 


import 

javax.servlet.*; 

import 

javax.servlet.http.*; 

import 

java.io.*;_ 


public class L Ch2Dice extends HttpServlet { 


1 I HttpServletRequest request, 

HttpServletResponse response) 
throws 工 OException { 


PrintWriter out = response.getWriter() 


String dl = 工 nteger•toString((int)((Math•random()*6)+1)); 

String d2 = 工 nteger•toString((int) ((Math.random()* 6)+1)); 

out. print In (''<html> <body >〃 + 

''<hl align=center>HF\ A s Chap 2 Dice Roller</hl >〃 + 
''<p >〃 + dl + '' and '' + d2 + '' were rolled” + 

、 '</body> </html >’’）； 



DD 


<web-app ...> 
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two objects, two heaps 


A "working" Pcploymcwt Pcscriptor (PP) 

Don’t worry about what any of this really means (you’ll see and be 
tested on this in other chapters). Here, we just wanted to show you a 
web.xml DD that actually works. The other examples in this chapter 
were missing a lot of the pieces that go into the opening <web-app> 
tag. (You can see why we don’t usually include it in our examples.) 

The way we usually show it in the book 

<web-app • • • > ^ - XW»s - 外?〉 

<servlet> 

<servlet-name>Ch3 Beer</servlet-name> 

<servlet-class>com.example.web.BeerSelect</servlet-class> 
</servlet> 

<servlet-mapping> 

<servlet-name>Ch3 Beer</servlet-name> 

<url-pattern 〉 /SelectBeer.do</url-pattern> 

</servlet-mapping> 

</web-app> 


The way it REALLY works 

<web-app xmlns=’’http : //j ava . sun . com/xml/ns/ j 2ee" 

xmlns : xsi= 〃 http:/ / www.w3.org/2001/XMLSchema-instance” 

xsi : schemaLocation=’’http : // j ava.sun.com/xml/ns/ j 2ee/web-app_2_4.xsd" 

version="2•4"> 

<servlet> 

<servlet-name>Ch3 Beer</servlet-name> 

<servlet-class>com.example.web.BeerSelect</servlet-class> 

</servlet> 

<servlet-mapping> 

<servlet-name>Ch3 Beer</servlet-name> 

<url-pattern>/SelectBeer.do</url-pattern> 

</servlet-mapping> 

</web-app> 


/ J k/OT -to ^ ^ 

tJ：Z - 丄 ㈣ :二 
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high-level architecture 


How J2EE fits into all this 


The Java 2 Enterprise Edition is kind of a super- 
spec — it incorporates other specifications, including 
the Servlets 2.4 spec and the JSP 2.0 spec. That’s for 
the web Container. But the J2EE 1.4 spec also includes 
the Enterprise JavaBean 2.1 specification, for the EJB 
Container. In other words, the web Container is for web 
components (Servlets and JSPs), and the EJB Container is 
for business components. 


A J2EE ^plication server 
includes bodia web 
Container MD an EjB 
Container. 

Tomcat is a web Container, 


A fully-compliant J2EE application server must have both 
a web Container and an EJB Container (plus other things 
including a JNDI and JMS implementation). Tomcat is 
just a web Container! It is still compliant with the 
portions of the J2EE spec that address the web Container. 

Tomcat is a web Container, not a full J2EE application 
server, because Tomcat does not have an EJB Container. 


b«tN0Tafiillj2EE 
^plication server. 

A J2EE 1.4 server includes 
the Servlet Spec 2.4, JSP spec 
2.0, and EjB spec 2.1. 


J2EE Application Server 


l_ *jy 


Web Container 


EJB Container 

/ \ 



< Servlet i 


JJ 

严 ~I f^s 

■ <body> I 

■ <j sp:setProperty■ 

■name="foo" | 

■ property="bar〃> 

■</body> | 

bJH 

Servlets & JSPs 


Enterprise JavaBeans 



0： 

So Tomcat is a standalone web Container... does 
that mean there are standalone EJB Containers? 


In the old days, say, the year 2000, you could 
find complete J2EE application servers, standalone web 
Containers, and standalone EJB Containers. But today, 
virtually all EJB Containers are part of full J2EE servers, 
although there are still a few standlone web Containers, 


including Tomcat and Resin. Standalone web Containers 
are usually configured to work with an HTTP web server 
(like Apache), although the Tomcat Container does have 
the ability to act as a basic HTTP server. But for HTTP 
server capability. Tomcat is not nearly as robust as Apache, 
so the most common non-EJB web apps usually use 
Apache and Tomcat configured together — with Apache as 
the HTTP web Server, and Tomcat as the web Container. 

Some of the most common J2EE servers are BEA’s 
WebLogic, the open source JBoss AS, and IBM’s WebSphere. 
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3 hands - on VC 


Mini MVC Tutorial 



Create and deploy an MVC web app. it s time to get your hands 
dirty writing an HTML form, a servlet controller, a model (plain old Java class), an 
XML deployment descriptor, and a JSP view. Time to build it, deploy it, and test it. 
But first, you need to set up your development environment — a project directory 
structure that’s separate from your actual deployed app. Next, you need to set up 
your deployment environment following the servlet and JSP specs and Tomcat 
requirements. Then you’re ready to start writing, compiling, deploying, and running 
True, this is a very small app we’re building. But there’s almost NO app that's too 
small to use MVC. Because today’s small app is tomorrow’s dot-com success... 


this is a new chapter 
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official Sun exam objectives 




Web Application Deployment 


Coverage Notes: 


2.1 Construct the file and directory structure of a web 
application that may contain (a) static content, (b) 
JSP pages, (c) servlet classes, (d) the deployment 
descriptor, (e) tag libraries, (f) JAR files, and (g) 
Java class files. Describe how to protect resource 
files from HTTP access. 

2.2 Describe the purpose and semantics for each of 
the following deployment descriptor elements: 
error-page, init-param, mime-mapping, servlet, 
servlet-class, servlet-mapping, servlet-name, and 
welcome-file. 


All of the objectives in this section are covered 
completely in the Deployment chapter; this 
is just a first look. This chapter is the only 
complete start-to-finish tutorial in the book, 
so if you skip it, you might have trouble later 
testing some of the other examples in later 
chapters (where we don’t go through every 
detail again). 

As with the previous two chapters, you don’t 
need to focus on memorizing the content in this 
chapter. Just get in there and do it. 


2.3 Construct the correct structure for each of the 
following deployment descriptor elements: 
error-page, init-param, mime-mapping, servlet, 
servlet-class, servlet-name, and welcome-file. 
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hands-on 


Let's build a real (small) web application 


We looked at the role of a container, we talked a bit about 
deployment descriptors, and we took a first look at the Model 2 
MVC architecture. But you can’t just sit here and read all day — 
now it’s time to actually do something. 


The four steps we’ll follow: 

① Review the user’s views (what the browser 
will display), and the high level architecture. 







② Create the development environment that we 
will use for this project (which you can use for 
any other example in the book). 


1 WEI 



BeerSelect.class BeerExpert.class 







B-INF j 


<bod Y » 









form.html 

esult.jsp 

lib j 

veb.xm 





(3) Create the deployment 

environment that we will use for 
this project (which you can use for 
any other example in the book). 



public 




0010 0001 





( 

i 


1100 1001 
0001 0011 
Q101 0110 


1100 1001 
0001 0011 
0101 0110 


BeerSelectjava BeerExpert.java BeerSelect.class BeerExpertxIass 


④ Perform iterative development and testing on the 
various components of our web application. (OK, 
this is more of a strategy than a step.) 

Note: We recommend iterative development and testing, 
although we won’t always show all the steps in this book. 
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user views 


The User's View of the web application — 
a Peer Advisor 

Our web application is a Beer Advisor. Users will be able to 
surf to our app, answer a question, and get back stunningly 
useful beer advice. 



q 




form.htmJ 



c 

■ ■ 

+ 


3 

* Google J 

DP Apple 

.Mac 

Amazon eBay 

Yahoo! News t 


Beer Recommendations JSP 


TK'»s Will kc a 七 ha 七 ,〜 cs 

^ adv'itc based i\\t usc^r s cMo\C.c 


try: Jack’s Pale Ale 
try: Gout Stout 






0;、 


Why are we writing a web 
application that gives beer advice? 


A I 

After an exhaustive marketing 
research effort, we concluded that 


90% of our readers appreciate beer. 
The other 1 0% can simply substitute 
the word "coffee” for "beer”. 
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hands-on 


Here's the architecture... 

Even though this is a tiny application, we’ll build it using a simple 
MVG architecture. That way, when it becomes THE hottest site on 
the web, we’ll be ready to extend the application. 



1 - The client makes a request 
for the form.html page. 

2 - The Container retrieves the 
form.html page. 

3 - The Container returns the 
page to the browser, where the 
user answers the questions on 
the form and... 

4 - The browser sends the 
request data to the container. 

5 - The Container finds the 
correct servlet based on the 
URL, and passes the request to 
the servlet. 

6 - The servlet calls the 
BeerExpert for help. 

7 - The expert class returns an 
answer, which the servlet adds 
to the request object. 

8 - The servlet forwards the 
request to the JSR 

9 - The JSP gets the answer 
from the request object. 

10 - The JSP generates a page 
for the Container. 

11 - The container returns the 
page to the happy user. 
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development environment 


Creating your dgyclopmcwt GHvirowmcwt 


There are lots of ways you could organize your development directory structure, but 
here’s what we recommend for small- and medium-sized projects. When it’s time 
to deploy the web app, we’ll copy a portion of this into wherever our particular 
Container wants the pieces to go. (In this tutorial, we’re using Tomcat 5.) 


ow Youv Ka^rd 如 Wc ” 


(You do〆 七从 cd 七 Wis 

d'iv-ct*tov-Y *tKc *tu*tovial ) 


Put taeM >wck a\>\> 
•m rts o^nv\ 
d'»v-Ct*bov-Y* 


/ou\r siaiit, ahd 
dyhami^ view 

go hcv-g. 



A 

<webapp> 


TVis is y/Kcv-c you \>ut 
IrA part/ 以。 

(-fv-orw SCV-vlc*U-R-^ s ) 


web.xml 


TVis is y/^cv-c Y ou， 
^ocs. 


t 


WicVc o-(* douvsc usm^ 3 s*b3^d3v~d 

f>adka^e s*bru 匕 *tuve so 

yt dll 七 he r^ovmal bc^c-fi*ts o-f 
patka^cs： 

- pvojc£.*t ov^a^iz-atio^ 

一 pov*tab'ili*ty a 灼 d vcusabili*ty 



TW\s 

: T 

加 r c °^ x ^ 
r ，r Ja^a 伽奶 

(vAsm^ 


<% 


%> 




<html> 

<body> 

</body> 

</html> 


result.jsp form.html 



ty.aw'flcs o-f 
some v'icy/ 


public 


"1^ 






~D, 

class 


get- 


0010 

0001 


0010 

0001 

Servlet 


Brands() 


1100 

1001 


1100 

1001 

extends 


{ 


0001 

0011 


0001 

0011 

HttpServ- 




0101 

0110 


0101 

0110 

let { } 


} 








BeerSelectjava 


BeerExpert.java 


BeerSelect.class 


BeerExpert.class 



l^oiiu that wcVc sepavatmg 
the ^Oh-tv-ollcv- ^orwpohCh-ts 
*(Vorw "the model £.orwpohCh*ts. 
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hands-on 


Creating the d 印 lov_wt Gwvirowmcwt 

Deploying a web app involves both Container-specific rules and 
requirements of the Servlets and JSP specifications. (If you’re not 
deploying to Tomcat, you’ll have to figure out exactly where your web 
app should be relative to your Container.) In our example, everything 
below the “Beer-vl” directory is the same regardless of your Container! 


Tomcat-specific 


外七- w 心 ，明 , 


丁 lv_s div-cd-tov-y hamc also v-cpv-csch-b 
the >rooV y/liutK Tomtai 

uses whch \rcsolvir»5 URLs. Well 
eyploire this dohdefi \y\ gv-cai detail 
tiic dcploymchi dhaftev-. 


B6L01A/ ttis. 

doiitd Imc IS y/eba^, and 
Will be i\\t same v-cjavdlcss o\ 
youV* Co\r»*b3nrvCV* VC^doV- 


Part of the Servlets 
specification 



This pav-t of 七 lie 
divedjovy structure is 
\rc^ui\rcd bv Tomdai, 
and ’_七 must be div-c^ily 
inside ilic Tomcat Kome 
div-c^-tovy. 


The hdme o( 
'f -~^ the web app. 





D, 

<html> 


<% 

<body> 



</body> 


%> 

</html> 




form.html result.jsp 


Tliis y/cb 
^ilc MUST be ih 
嶋一， 


Application-specific 


example 



This package structure is c^a^ily y/hai y/c used 
•m the dcvclofmchi Chvi\rohmchi. Unless youVc 

you\r classes ih a JAR (v/dl -talk about 
atc\r ih ihe book), ihch you /WU£T fui ihc 
di\rcd-to\ry si^iurc ir^mediaidv uhdev 

lA/EB-|/s/F/dlasscs. 


^△ - 

web 


model 

t. . 








/^\ rH rH rH O 

O O rH rH 

O O O rH 

O rH O O 

O O rH rH 
rH O O O 

O rH O rH 

O rH O O 


D| 

0010 0001 

1100 1001 

0001 0011 

0101 0110 


BeerSelect.class 


BeerExpert.class 
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building the app 


Our roadmap for building the app 

When we started this chapter we outlined a four-step process for developing our web app. 
So far we’ve: 

1 - reviewed the user views for our web app 

2 - looked at the architecture 

3 - setup the development and deployment environments for creating and deploying the app 
Now it’s time for step 4, creating the app. 

We borrow from several popular development methodologies (a little from extreme 
programming, iterative development), and mangle them for our own evil purposes... 


The five steps we’ll follow (in step 4): 

(^a) Build and test the HTML form that the user will first request. 

^b) Build and test version 1 of the controller servlet with the 
HTML form. This version is invoked via the HTML form and 
prints the parameter it receives. 

^c) Build a test class for the expert / model class, then build and 
test the expert / model class itself. 

@) Upgrade the servlet to version 2. This version adds the 
capability of calling the model class to get beer advice. 

^e) Build the JSP，upgrade the servlet to version 3 (which adds 
the capability of dispatching to the JSP), and test the whole app. 


74 


chapter 3 


hands-on 


The HTML for the initial form page 

The HTML is simple — it puts up the heading text, the drop-down list 
from which the user selects a beer color, and the submit button. 


<htmlxbody> 

<hl align= 〃 center〃>Beer Selection Page</hl> 
<form method="POST 〃 ^ -- 

action= 〃 SelectBeer•do〃> 


did wc choose POST 

instead o( 6jBT? 


Select beer characteristics<p> 

Color : 

<select name= 〃 color 〃 size= 〃 l〃> 

<option value= 〃 light〃> light </option> 
<option value=’’amber’’> amber </option> 
<option value=’’brown’’> brown </option^ 
<option value= 〃 dark〃> dark </option> 

</select> 

<br><br> 

<center> 

<input type=’’SUBMIT’’> 

</center> 


This is wha-t the WTML thinks the 
scvvlc-t is billed. Thcv-c is NOTHIN^ 
•m you\r di\rc^-to\ry siv-u^uv-c Mmed 
u Sclc^Bcc\r.do w / It's a lo^i^l 灼 dme... 



This is how wc ^\rc«l-tcd the pull- 
dovm rwc^u ； you\r optiohS r^y vav-y. 

(Did you -f i^uve out siz^— u / w ?) 


</form></body></html> 


o ： 

Why is the form submitting to "SelectBeer.do" when there is NO servlet with 
that name? In the directory structures we looked at earlier, I didn’t see anything that 
had the name "SelectBeer.do". And what’s with the ".do” extension anyway? 

A I 

SelectBeer.do is a logical name, not an actual file name. It’s simply the name we 
want the client to use! In fact the client will NEVER have direct access to the servlet class 
file, so you won’t, for example, create an HTML page with a link or action that includes a 
path to a servlet class file. 

The trick is, we’ll use the XML Deployment Descriptor (web.xml) to map from what the 
client requests ("SelectBeer.do”）to an actual servlet class file the Container will use when 
a request comes in for "SelectBeer.do”. For now, think of the ".do” extension as simply part 
of the logical name (and not a real file type). Later in the book, you’ll learn about other 
ways in which you can use extensions (real or made-up/logical) in your servlet mappings. 
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deploying and testing 


Peploymg and testing the openmg page 


To test it, you need to deploy it into the Container (Tomcat) directory 
structure, start Tomcat, and bring up the page in a browser. 


① Create the HTML in your development environment 

Create this HTML file, call it form.html, and save it in your development 
environment under the ZbeerWu/efo/directory. 


② Copy the file into the deployment environment 

Place a copy of the form.html file into tomcat/webapps/Beer-vl/. 
(Remember, your tomcat home directory might have a different name). 



Create the DD in your development environment 

Create this XML document, name it web.xml, and save it in your 
development environment under the /beerV 1/etc/ directory. 


form.html 




a” ^ t 

^ yst m 


<web-app xmlns=’’http : //j ava . sun . com/xml/ns/j 2ee" 

xmlns : xsi=’’http : / /www. w3 . org/2001/XMLSchema-instance" 

xsi : schemaLocation=’’http : //java.sun.com/xml/ns/j2ee/web-app 2 4.xsd" 


version= 〃 2•4〃> 




oi^er ^ 


<servlet> 

<servlet-name>Ch3 Beer</ servlet-name> 

<servlet-class>con .example.web.BeerSelect</servlet-class 〉 
</servlet> 




㈣ 一 ― V? 呻广 e 

soviet tlass 


<servlet-mapping 〉 

<servlet-name>Ch3 Beer</ servlet-name> 
<url-pattern>/J5electBeer. do</url-pattern> 
</servlet-mapping> 


</web-app> 


x \ I I \ - 心 t to to 

,, r ^ TWis IS \\o^i ^ „ r a 

wi*th d slash. 


76 


chapter 3 












hands-on 


The main job of this DD is to define the mapping between the logical 
name the client uses for the request (“SelectBeer.do”）and the actual 
servlet class file (com.example.web.BeerSelect). 


④ Copy the file into the deployment environment 

Place a copy of the web.xml file into 
tomcat/webapps/Beer-vl/WEB-INF/. * 

You MUST place it there or the Container won’t find it and 
nothing will work, and you’ll become depressed. 



</body> 

</html> 


form.html 


web.xml 


( 5 ) Start Tomcat 

Throughout this book we’re using Tomcat as both the 
web Server and the web Container. In the real world, you 
probably use a more robust Web Server (like Apache) 
configured with a Web Container (like Tomcat). But Tomcat 
makes a perfectly decent Web Server for everything we 
need to do in this book. 

To start Tomcat, cd into the tomcat home directory and run 
bin/startup.sh. 


File Edit Window Help OpenSource 


% cd tomcat 
% bin/startup.sh 


⑥ Test the page 

Open the HTML page in your browser 
and type: 

http://localhost:8080/Beer-v1/form.html 

You should see something like the 
screen shot here. 


1 

form.html 


C + 

| - ^~ — 

http://localhost:8080/Beer-v1/form.html 

QP Apple .Mac 

Amazon eBay Yahoo! ISfewsT 


Beer Selection Page 

Select heer characteristics 

Color ： ' light t! 

1 

* 


,Submit 、 

T 

▲ 
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servlet mapping 


Mapping the logical name to a servlet class file 


biane fills out the form and hits submit. The browser 
generates the request URL： 

/Beer-vl/SelectBeer.do 


夕 



The \\osi The v/cb app 

乙。灼 *tc 乂 *t v-oot. 





Client 


HTTP/l.! ~ Vl/Se，eCtBeer - d0 

Host: www.wickedlysmart.com 

^A g ent ： Mo zi ,, a/5 . 0 (Macjntos ^ 

ac OS X Mach-O; en-US; rv: 1 . 4 ) 
Cecko/20030624 Netscape/7.1 
Accept: text/xml,application/ 

^l ， application/xhtml + xml,text/ 

^; q =o.9,text/p,ain； q=0 . 8 , video/x _ 

^.'mage/png,i mage/jpegjmage/ 

9if,q=0.2,V 5t ； q=0.1 


〆 



u u/w^l/ ，， ^ ，t , 



Container 


祕七 U v-c^cst) ^y-owv. U 

?a ac orx- ^ 

H oU" fc 听 


The Container searches the DD 
and finds a <servlet-mapping> 
with a <url-pattern> that 
matches /SelectBeer.do, where 
the slash (/) represents the 
context root of the web app, and 
SelectBeer.do is the logical name 
of a resource. 


Container 


The Container sees that the <servlet- 
name> for this <url-pattern> is、、Ch3 
Beer". But that Isn't the name of an 
actual servlet class file.、、Ch3 Beer" is 
the name of a servlet, not a servlet 
class! 

To the Container, a servlet is something 
named in the DD under a <servlet> tag. 
The name of the servlet is simply the 
name used in the DD so that other 
parts of the DD can map to it. 


<web~" a PP > 

〈 servlet 〉 

<se rvlet-name> 

Ch3 Beer 

</se rvlet-narae> 

<servlet-class> Se i e ct 

coia.example-web.Beer 

</servlet-class> 

</servl^t> 

<se rvlet-mappi n g > 

S <se rvlet-name> 

Ch3 Beer 

</se rvlet-name> 

<url-p attern> , 

/SelectBeer.do 

ttern> 


</url-p a , 

</servlet-mapping> 

< /weTo _ " a PP > 


Container 
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hands-on 


④ 


⑤ 


The Container looks inside the 
<servlet> tags for something with 
the <servlet-name> 、、 Ch3 Beer”. 


The Container uses the 
<servlet-class> in the <servlet> 
tag to know which servlet class 
is responsible for handling this 
request. If the servlet has 
not been initialized, the class 
is loaded and the servlet is 
initialized. 


tell 


Container 


<web-apP > 

〈 servlet 〉 

<se rvlet-name> 

> Ch3 Beer 

</ S ervlet-name., 

<se rvlet-class> 

r com. example- wel: 

</se rvlet-class> 

< / servlet 〉 

<se rvlet-mapping> 
<ser vlet -” 麵 

Ch3 Bee 

</se rvlet-name> 

<url-p attern> , 

/SelectBeer. 

</url _ P attern> 

</s ervlet-mapping> 

</wet)-^PP > 


• Bee 


工 Select 


Container 


⑥ 


The Container starts a new thread to 
handle the request, and passes the 
request to the thread (to the servlefs 
serviceQ method). 



Container 

response 


⑦ 


The Container sends the response (through the 
Web Server, of course) back to the client. 


f! 



Client Container 
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serWef controller version one 


The first version of the controller servlet 


Our plan is to build the servlet in stages, testing the various communication 
links as we go. In the end, remember, the servlet will accept a parameter from 
the request, invoke a method on the model, save information in a place the JSP 
can find, and forward the request to the JSP. But for this first version, our goal 
is just to make sure that the HTML page can properly invoke the servlet, and 
that the servlet is receiving the HTML parameter correctly. 


Servlet code 


package 


import j 
import j 
import j 


example.web; 


servlet•*; 
servlet.http 


public class BeerSelect extends HttpServlet { 


public void doPost (HttpServletRequest request. 


I/Vcll use doPos-f ： -fco 

handle the HTTP 

\rc<\ucs-t, because 
"the ttTAIL *fo\rrw 
says ： 

mcthod-POST 


Key APIs 


HttpServletResponse response) 
throws 工 OException, ServletException 


response . setContentType (''text/html^) ; ^ — 
PrintWriter out = response.getWriter(); 
out. print In (''Beer Selection Advice<br >〃）； 
String c = request. get Parameter (''color^); 
out. print In (''<br>Got beer color '' + c); 


V 


hot giving b 把 k advice 
just displaymg test 


丁 his mctliod domes *(Vorw 七 

Sc\rvlctRcspohsc 


This method ^orwes -fvorw the 
Sc\rvlctRc«\uCS-t ih-tcv-fa^c. 
Notice -that "the 

i^a*Uhcs the value of the 
attvibutc \Y\ the 
WTMUs <sdc^t> tag. 
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Compiling, deploying, and testing the controller servlet 

OK, we’ve built, deployed, and tested our HTML, and we’ve built and deployed our DD 
(well, we put the web.xml into the deployment environment, but technically the DD won’t 
be deployed until we restart Tomcat). Now it’s time to compile the first version of the 
servlet, deploy it, and test it via the HTML form. Now we’ll restart Tomcat to make sure 
that it “sees” the web.xml and servlet class. 


Compiling the servlet 

Compile the servlet with the -d flag to put the class in the development environment 

Ad\us*t -to nsaicM youv ov/^ divct-tovy patii *to youv system! 

w W^a*t/ w be same- 



% cd MyProjects/beerVl ^ _ 

% javac -classpath /Users/bert/Applications2/tomcat/common/lib/ 
servlet-api.jar:classes : . -d classes src/com/example/web/BeerSelect.java 


Use a scmitolor\ V "" 

ov\ -tiic iVmdoy/s 


Use -the -d option "to tell the ^orwpilcv- -fco put the dloiss -file 
i〉"to the dasscs di^^vy within the CoY^tti ? ackay 
Yo“\r .class 4-ilc will Chd up /bcc\r\///dlasscs/dom/cxamplc/wcb/. 


Deploying the servlet 

To deploy the servlet, make a copy of the .class file and move it to the 
/Beer-vl/WEB-INF/classes/com/example/web/ directory in the deployment structure. 


Testing the servlet 

1 - Restart tomcat! 

2 - Launch your browser and go to: 
http://localhost:8080/Beer-v1/form.html 

4 - Select a beer color and hit “Submit” 

5 - If your servlet is working, you should 
see the servlet’s response in your browser 
as something like: 

Beer Selection Advice 
Got beer color brown 


File Edit Window Help SlashdotMe 


cd tomcat 
bin/shutdown.sh 
bin/startup.sh 





fnrm.hlml 

http://localhost:8080/Beer-v1/form.html 


Beer Selection Page 


Selcci beer characieristics 
Color: iHsht 


• i 

擎 


SubmiL 


_ ^ 
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the model class 


Puildmg and testing the model class 

In MVG, the model tends to be the “back-end” of the application. It’s often the legacy system 
that’s now being exposed to the web. In most cases it’s just plain old Java code, with no 
knowledge of the fact that it might be called by servlets. The model shouldn’t be tied down to 
being used by only a single web app, so it should be in its own utility packages. 

The specs for the model 

-Its package should be com.example.model 

-Its directory structure should be /WEB-INF/classes/com/example/model 
-It exposes one method, getBrands(), that takes a preferred beer color (as a 
String), and returns an ArrayList of recommended beer brands (also as Strings). 

Build the test class for the model 

Create the test class for the model (yes, before you build the model itself). You’re on 
your own here; we don’t have one in this tutorial. Remember, the model will still be in the 
development environment when you first test it — it’s just like any other Java class, and 
you can test it without Tomcat. 

Build and test the model 

Models can be extremely complicated. They often involve connections to legacy 
databases, and calls to complex business logic. Here’s our sophisticated, rule- 
based expert system for the beer advice: 

package com.example.model; 
import java.util.*; 

public class BeerExpert { 

public List getBrands(String color) 

List brands = new ArrayList(); 
if (color • equals (''amber ”）） { 

brands • add (''Jack Amber ’’）； 
brands • add (''Red Moose ’’）； 

} 

else { 

brands • add (''Jail Pale Ale ’’）； 
brands • add (''Gout Stout ’’）； 

} 

return(brands); 



V,ov/ v/eve 


of i\^t ⑼ ad ，， 
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Enhancing the servlet to call the model 
so that wg caw get REAL advice... 


In this version two servlet we’ll enhance the doPost() method to 
call the model for advice (version three will make the advice come 
from a JSP). The code changes are trivial, but the important part is 
understanding the redeployment of the enhanced web app. You can 
try to write the code, recompile, and deploy on your own, or you 
can turn the page and follow along... 



arpen your pencil 


Enhance the servlet, version two 


Forget about servlets for a minute, let’s just think Java. What 
are the steps we have to take to accomplish the following? 

1 - Enhance the doPost() method to call the model. 

2 - Compile the servlet. 

3 - Deploy and test the updated web app. 


public dlass Bccv-Sclcd*t extends tt*t*tpScv-vlc*t { 
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calling the model from the servlet controller 


Servlet version two code 

Remember, the model is just plain old Java, so we call it like we’d call any 
other Java method — instantiate the model class and call its method! 


package com.example.web; ^ ^ ^ 

import com. example.model. *; 

import javax.servlet.*; 


import j avax.servlet.http.*; 
import java.io.*; 
import java.util.*; 




public class BeerSelect extends HttpServlet { 

public void doPost(HttpServletRequest request, 

HttpServletResponse response) 
throws 工 OException, ServletException 


String c = request • getParameter (''color ”）； 

BeerExpert be = new BeerExpert() 

List result = be.getBrands(c); 


or’’）;.. 

/ the Bccv-Expcv-t 

^ ta\\ 


response . setContentType ( 、 'text/html 〃）； 
PrintWriter out = response.getWriter(); 
out. print In (''Beer Selection Advice<br >〃）； 


Iterator it = result.iterator(); 
while(it.hasNext()) { 

out. print ( 、 '<br>try: '' + it. next ()); 

^ ihe .odd ； l it r iu Tn 
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Key steps for servlet version two 

We have two main things to do: recompile the servlet and 
deploy the model class. 

Compiling the servlet 

We’ll use the same compiler command that we used 
when we built the first version of the servlet. 



% cd beerVl 

% javac -classpath /Users/bert/Applications2/tomcat/common/lib/ 
servlet-api.jar:classes : . -d classes src/com/example/web/BeerSelect.java 


Deploying and testing the web app 


Now, in addition to the servlet, we also have to deploy the model. 
The key steps are: 

1 - Move a copy of the servlet .class file to: 
../Beer-vl/WEB-INF/classes/com/example/web/ 

This replaces the version one servlet class file! 


2 - Move a copy of the model’s .class file to: 
../Beer-vl/WEB-INF/classes/com/example/model/ 


3 - Shutdown and restart tomcat 

4 - Test the app via form.html, 
the final browser output should be 
something like: 


File Edit Window Help SellHigh 


% cd tomcat 
% bin/shutdown.sh 
% bin/startup.sh 


Beer Selection Advice 
try: Jack Amber 
try: Red Moose 
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the MVC app 


Review the partially completed, MVC 
beer advice web application 


What’s working so far … 


Container 




Container 

logic 


BeerExpert 

component 


1 - The browser sends the 
request data to the Container. 

2 - The Container finds the 
correct servlet based on the 
URL, and passes the request to 
the servlet. 

3 - The servlet calls the 
BeerExpert for help. 

4 - The servlet outputs the 
response (which prints the 
advice). 

5 - The Container returns the 
page to the happy user. 


What we WANT … 


1 - The browser sends the 
request data to the Container. 


Container 


Web 

browser 


Client 




2 - The Container finds the 
correct servlet based on the 
URL, and passes the request to 
the servlet. 


3 - The servlet calls the 
BeerExpert for help. 

4 - The expert class returns an 
answer, which the servlet adds 
to the request object. 

5 - The servlet forwards the 
request to the JSP. 

6 - The JSP gets the answer 
from the request object. 

7 - The JSP generates a page 
for the Container. 
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8 - The Container returns the 
page to the happy user. 









































hands-on 


Create the JSP "view" that gives the advice 

Don’t get your hopes up. You’re going to have to wait for a few 
chapters before we really start talking about JSPs. This JSP isn’t 
actually a particularly good one, either (because of its scriptlet code, 
which we’ll talk about later in the book). For now it should be pretty 
easy to read, and if you want to experiment a little, go for it. Although 
we could test this JSP now from the browser, we’ll wait until after we 
modify the servlet (version three) to see if it works. 


Here’s the JSP... 

<%@ page import="java•util•*" %> 



This is 3 di\rcd*tivc W 

(y/cVc i-t^s pretty 

obvious whai this ohC does). 


<html> 

<body> s-bhdavd WTIV\L is k^owh as 

<hl align= 〃 center〃>Beer Recommendations JSP</hl> W tcrhploi-tc ihc J£P wov-ld). 

<p> 


<% 


List styles = (List) request • getAttribute (''styles ”）； 
Iterator it = styles . iterator () ; 
while(it.hasNext ()) { 

out .print (''<br>try: 、' + it. next ()); 


%> 

</body> 

</html> 


Some s-ta^dav-d Java sittmg 
ihsidc <% %> -tags (this is 
khowh as s^viptlct Code)- 


wcVc jettmg av\ at-tv-ibu-tc 
•(Vom the object, h 

little btc\r ih -the book ； well 
expb’m cvc\ryth*mg about 
attv-ibutes oihd how wc rvtoiha^ed 
■to get the \rc<\ucs-t obje^-t... 


Deploying the JSP 

We don’t compile the JSP (the Container does that at first request) 
But we do have to: 

1 - Name it “result.jsp”. 

2 - Save it in the development environment, in: /web/. 

3 - Move a copy of it to the deployment environment in /Beer-vl/. 



<% 

3 

%> 





<html> 

<body> 

</body> 

</html> 


result.jsp form.html 


you are 


here ► 
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dispatching a request to a JSP 


Enhancmg the servlet to \d\V the JSP (version three) 

In this step we’re going to modify the servlet to “call” the JSP to produce the output 
(view). The Container provides a mechanism called “request dispatching” that 
allows one Container-managed component to call another, and that’s what we’ll 
use — the servlet will get the info from the model, save it in the request object, then 

dispatch the request to the JSP. 


The important changes we must 
make to the servlet: 


1 - Add the model component’s answer to the request object, so that 
the JSP can access it. (Step 4) 


2 - Ask the Container to forward the request to “result.jsp”. (Step 5) 


1 ■ The browser sends the 
request data to the container. 


Container 


Web 

browser 


Client 






2 - The Container finds the 
correct servlet based on the 
URL, and passes the request to 
the servlet. 

3 - The servlet calls the 
BeerExpert for help. 

4 - The expert class returns an 
answer, which the servlet adds 
to the request object. 

5 - The servlet dispatches to 
the JSP. 

6 - The JSP gets the answer 
from the request object. 

7 - The JSP generates a page 
for the Container. 


8 - The Container returns the 
page to the happy user. 
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hands-on 


Code for servlet version three 

Here’s how we modified the servlet to add the model 
component’s answer to the request object (so the JSP 
can retrieve it), and how we asked the Container to 
dispatch to the JSP. 


package com.example.web; 


import 

import 

import 

import 

import 


com.example.model•*; 
javax.servlet.*; 
javax.servlet.http•*; 
java•io•*; 
java.util•*; 


public class BeerSelect extends HttpServlet { 


public void doPost(HttpServletRequest request, 

HttpServletResponse response) 
throws 工 OException, ServletException { 


String c = request • getParameter (''color ’’）； 
BeerExpert be 二 new BeerExpert(); 

List result = be.getBrands(c); 


// response . setContentType (''text/html"); 

// PrintWriter out = response.getWriter(); 

/ / out. print In (''Beer Selection Advice<br>〃) 


Now 七 ha 七七 he is 

<_pv*odudc -the output, wc should 

\rcmovc the "test output -fvorw the 
servlet Wt it out so 

that you ^ould still see it hcv-c. 


request. setAttribute (' 、 styles 〃， 


result); 



Add a 於 aUvibu-tc *to 七 

object *foV" JSP *to use* Notice 

i\^t JSP is lookm^ ^ov 


RequestDispatcher view = 

request.getRequestDispatcher (''result, jsp") 

view.forward(request, response); 


dis F ^h c , U -tl c J S p 


V Use the \rc<\ucst dispa-Uhcv- -to ask 

the Coh-ta*mc\r -to trav\k up the JSP, 
sc^dihj it -the \rc<\ucst av\d v-cspohsc. 
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compile, deploy, and test 


Compile, deploy, and test the final app! 

In this chapter we’ve built an entire (albeit tiny) MVG application 
using HTML, servlets and JSPs. You can add this to your resume. 


Compiling the servlet 

We’ll use the same compiler command that we used earlier: 



% cd beerVl 

% javac -classpath /Users/bert/Applications2/tomcat/coinmon/lib/ 
servlet - api.jar:classes:• - d classes src/com/example/web/BeerSelect.java 


Deploying and testing the web app 

Now it’s time to redeploy the servlet. 


1 - Move a copy of the servlet’s .class file to ../Beer-vl/WEB-INF/classes/com/example/web/ 
(again, this will replace the previous version two class file). 


3 - Shutdown and restart tomcat 


4 - Test the app via form.html 


File Edit Window Help SaveYourself 


% cd tomcat 
% bin/shutdown.sh 
% bin/startup.sh 


PUJ I fnrrn html 

http://localhost:8080/Beer-v1/form.html 

Beer Selection Page 


Scleci beer choracierijitics 


Color ： light : , 


r Submil/ 





rtcvcs YiV^at 70U should see! 



fnrm.html 

Beer Recommendations JSP 

try: Jail Pale Ale 
try: Gout Stout 
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hands-on 


OK so now he can do an MVC app, 
but he still has no clue how to use 
the JSP expression language, or JSTL, 
or write a custom tag, or use a filter, and I 
caught him playing a Weezer CD and it was 
AFTER the green album. He still has SO 
much to learn... 



There is still so much to learn. 


The party’s over. You had three whole chapters to cruise along, write a little 
code, review the whole HTTP request/response thing. 

But there’s still 200 mock exam questions waiting for you in this book, and 
they start with the next chapter. Unless you’re already familiar with servlet 
development and deployment, you really shouldn’t turn the page until after 
you actually do the tutorial in this chapter. 

Not that we’re trying to pressure you or guilt-trip you or anything... 


you are here ► 
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4 request AND response 


Being a Servlet 


/ He used a GET 
request to update the 
database. The punishment will 
be most severe... no ''Yoga 
\ with 5uzy 〃 classes for 

90 days. / 一 〆 


O 



Servlets live to service clients. A servlet’s job is to take a client’s 
request and send back a response. The request might be simple: “get me the 
Welcome page. w Or it might be complex: “Complete my shopping cart check-out. 
The request carries crucial data, and your servlet code has to know how to find 
it and how to use it. The response carries the info the browser needs to render 
a page (or download bytes), and your servlet code has to know how to send it. 
Or not... your servlet can decide to pass the request to something else (another 
page, servlet, or JSP) instead. 


this is a new chapter 


93 




official Sun exam objectives 




The Servlet Technology Model 

1.1 For each of the HTTP Methods (such as 
GET, POST, HEAD, and so on), describe 
the purpose of the method and the technical 
characteristics of the HTTP Method protocol, 
list triggers that might cause a client (usually a 
Web browser) to use the Method, and identify 
the HttpServlet method that corresponds to the 
HTTP Method. 

1.2 Using the HttpServletRequest interface, write 
code to retrieve HTML form parameters from 
the request, retrieve HTTP request header 
information, or retrieve cookies from the 
request. 

1.3 Using the HttpServletResponse interface, write 
code to set an HTTP response header, set 
the content type of the response, acquire a 
text stream for the response, acquire a binary 
stream for the response, redirect an HTTP 
request to another URL, or add cookies to the 
response.* 

1.4 Describe the purpose and event sequence of 
the servlet lifecycle: (1) servlet class loading, 
(2) servlet instantiation, (3) call the init() 
method, (4) call the service() method, and (5) 
call the destroy() method. 


Coverage Notes: 

All of the objectives in this section are covered 
completely in this chapter, with the exception 
of the cookies part of objective 1.3. A lot 
of the content in this chapter was touched on 
in chapter two, but in chapter two we said, 
“Don’t worry about memorizing it.” 

In this chapter,you DO have to slow down, 
really study, and memorize the content. No 
other chapter will cover these objectives in 
detail, so this is it. 

Do the exercises in the chapter, review the 
material, then take your first mock exam at the 
end of the chapter. If you don’t get at least 
80% correct, go back through the chapter to 
figure out what you missed, BEFORE you 
move on to chapter five. 

Some of the mock exam questions that belong 
with these objectives have been moved into 
chapters 5 and 6, because the questions require 
additional knowledge of some of the topics we 
don’t cover until those chapters. That means 
there are fewer mock exam questions in this 
chapter, and more in later chapters, to avoid 
testing you on topics you haven’t covered. 

Important note: while the first three chapters 
covered background information, from this page 
forward in the book, virtually everything you’re 
going to see is directly related to or explicitly 
part of the exam. 


We won’t say much about the objectives 
related to cookies until the Sessions chapter. 
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request and response 


Servlets are controlled by the Container 

In chapter two we looked at the Container’s overall role in a servlet’s life — it 
creates the request and response objects, creates or allocates a new 
thread for the servlet, and calls the servlet’s service() method, passing the 
request and response references as arguments. Here’s a quick review... 


① 



servlet 




container 


Client 


② 



// f l i h M A Q 

Client 



③ 





User clicks a link that has a URL 
to a servlet. 


The Container “sees” that the 
request is for a servlet, so the 
container creates two objects: 

1) HttpServletResponse 

2) HttpServletRequest 


The Container finds the correct 
servlet based on the URL in the 
request, creates or allocates 
a thread for that request, and 
calls the servlet’s service() 
method, passing the request and 
response objects as arguments. 


you are here ► 
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Servlets and the Container 


The story continues... 


④ 



Client 



「1 O 1 

- servlet 

container ) 



doGet(request, response) 


The service() method figures out 
which servlet method to call based 
on the HTTP Method (GET, POST, 
etc.) sent by the client. 

The client sent an HTTP GET 
request, so the service。method 
calls the servlet’s doGet() method, 
passing the request and response 
objects as arguments. 


⑤ 



Client 



The servlet uses the response 
object to write out the response 
to the client. The response goes 
back through the Container. 



The service() method completes, 
so the thread either dies or returns 
to a Container-managed thread 
pool. The request and response 
object references fall out of scope, 
so these objects are toast (ready 
for garbage collection). 

The client gets the response. 


96 


chapter 4 






































































request and response 


Put there's more to a servlet's life 

We stepped into the middle of the servlet’s life, but that still leaves 
questions: when was the servlet class loaded? When did the servlet’s 
constructor run? How long does the servlet object live? When should 
your servlet initialize resources? When should it clean up its 
resources? 

The servlet lifecycle is simple; there’s only one main state — initialized. 
If the servlet isn’t initialized, then it’s either being initialized (running 
its constructor or init()method), being destroyed (running its destroy() 
method), or it simply does not exist. 


\ 

does not exist 



Web Container 


Servlet Class 


Servlet Object 



Load class 


101101 

T^l 

101101 


10101000010 

1010 10 

0 

01010 1 


1010101 


10101010 


1001010101 


AServlet.class 


Instantiate servlet (constructor runs) 



service() 



os 七 d rts l 1 心 • 






9 f cd OUCt m -the s^vlc^s 
must Complete bcW 
Cohta.hCV ^|| stWyttO. 




d 


f 1 S ^ 9 iVC ^ 

a ^ ^ up bcW ihc 

is killed (U, made veady 4v 

Like ihitO ； Vs 

called ohly ohde. 
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the Servlet API 


Your servlet inherits the lifecycle methods 



Servlet interface 

(javax.servlet.Servlet) 

Soviet says 

all soviets have these 
^ods (i^ m 

bold 辦 li^ydc methods). 


— 恤 API _ ks … 


GenericServlet class 

(javax.servlet.GenericServlet) 

is ^ abst^t ,| ass iha i 
"ft X si ^ ihe ^ 七 


HttpServlet class 

(javax.servlet.http.HttpServlet) 

oUk servle^^e st^ttO 

^ke just AKV old soviet it 二 。丄 

Wt al yre^est a^d ? 


MyServlet class 

(com.wickedlysmart.foo) 

Mos*t o( youv scv-vlc*t^css is handled by supcv-dlass w>c*thods. 
All you do is ovevv-ide *thc HTTP r^rtllods you ^ccd. 
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request and response 


The Three Pig Lifecycle Moments 


o 

init() 


When it’s called 

The Container calls init() on 
the servlet instance after the 
servlet instance is created but 
before the servlet can service 
any client requests. 


What it’s for 

Gives you a chance to 
initialize your servlet before 
handling any client requests. 


o 

service() 


When it’s called 

When the first client request 
comes in, the Container starts 
a new thread or allocates a 
thread from the pool, and 
causes the servlet's service() 


What it’s for 

This method looks at the 
request, determines the HTTP 
method (GET, POST, etc.) 
and invokes the matching 
doGetQ, doPost(), etc. on the 


method to be invoked. servlet. 


❺ 

doGet() 

and/or 

doPost() 


When it’s called 

The service() method invokes 
doGet() or doPost() based on 
the HTTP method (GET, POST, 
etc.) from the request. 

(We’re including only doGet() 
and doPost() here, because 
those two are probably the only 
ones you'll ever use.) 


What it’s for 

This is where your code 
begins! This is the method 
that’s responsible for whatever 
the heck your web app is sup¬ 
posed to be DOING. 

You can call other methods on 
other objects, of course, but it 
all starts from here. 


Do you override it? 

Possibly. 

If you have initialization code 
(like getting a database con¬ 
nection or registering yourself 
with other objects), then you’ll 
override the init() method in 
your servlet class. 


Do you override it? 

No. Very unlikely. 

You should NOT override the 
service 。 method. Your job is 
to override the doGet() and/or 
doPost() methods and let the 
service() implementation from 
HTTPServlet worry about 
calling the right one. 


Do you override it? 

ALWAYS at least ONE of 
them! (doGet() or doPostf)) 

Whichever one(s) you 
override tells the Container 
what you support. If you 
don’t override doPost(), for 
example, then you’re telling 
the Container that this servlet 
does not support HTTP POST 
requests. 


you are here ► 


99 




servlet threads 


I think I got this... so the Container 
calls my servlefs init() method, but if I don’t 
override init(), the one from GenericServlet runs. 
Then when a request comes in, the Container starts 
or allocates a thread and calls the serviceQ method, 
which I don't override, so the serviceQ method from 
HttpServlet runs. The HttpServlet serviceQ 
method then calls my overridden doGet() or 
doPost(). So each time my doGet() or doPost() 
runs, ifs in a separate thread. 



Servlet initialization 



Thread A 

The Container calls init() 
on the servlet instance 
after the servlet instance is 
created but before the servlet 
can service any client 
requests. 

If you have initialization 
code (like getting a database 
connection or registering 
yourself with other objects), 
then you’ll override the 
init() method in your 
servlet class. Otherwise, 
the init() method from 
GenericServlet runs. 


The service() method is always 
called in its own stack... 



Client request 

doGet() 
service() 

Thread B 

When the first client 
request comes in, the 
Container starts (or finds) 
a thread and causes the 
servlet’s service() method to 
be invoked. 

You normally will NOT 
override the service() 
method, so the one from 
HttpServlet will run. The 
service() method figures 
out which HTTP method 
(GET, POST, etc.) is in 
the request, and invokes 
the matching doGet() or 
doPost() method. The 
doGet() and doPost() 
inside HttpServlet don’t do 
anything, so you have to 
override one or both. This 
thread dies (or is put back 
in a Container-managed 
pool) when service() 
completes. 


Client request 2 



Thread C 

When the second (and all 
other) client requests come 
in, the Container again 
creates or finds a another 
thread and causes the 
servlet’s service() method to 
be invoked. 

So, the service。—> doGet() 
method sequence happens 
each time there’s a client 
request. At any given 
time, you’ll have at least 
as many runnable threads 
as there are client requests, 
limited by the resources 
or policies/configuration 
of the Container. (You 
might, for example, have 
a Container that lets you 
specify the maximum 
number of simultaneous 
threads, and when the 
number of client requests 
exceeds that, some clients 
will just have to wait.) 
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request and response 


Each request runs m a separate thread! 

You might hear people say things like, “Each instance of the servlet".’’ but that’s just 
wrong. There aren’t multiple instances of any servlet class, except in one special case 
(called SingleThreadModel, which is inherently evil), but we’re not talking about that 
special case yet. 

The Container runs multiple threads to process multiple requests to a 
single servlet. 


And every client request generates a new pair of request and response objects. 


Container 



Client A 



Web 

browser 

i 





thread A 


HTTP 、吻 




response 


request 


request 


response 


dl'icv^-b y-b a scfava-bc 
iWtad tat\\ yre^uest, and the 
Co^'mcv alUate 一 呼辻 

vesponse 



This is confusing... in the 
picture above you show two differ¬ 
ent clients, each with its own thread. 
What happens if the same client 
makes multiple requests? Is it one 
thread per client or one thread per 
request? 


\ I 

One thread per request. The 
Container doesn’t care who makes 
the request — every incoming request 
means a new thread/stack. 


o ： 

What if the Container uses 
clustering, and distributes the app 
on more than one JVM? 


A • 

Imagine the picture above is 
for a single JVM, and each JVM has the 
same picture. So for a distributed web 


app, there would be one instance of 
a particular servlet per JVM, but each 
JVM would still have only a single 
instance of that servlet. 


0： 

I noticed that HttpServlet 
is in a different package from 
GenericServlet … how many servlet 
packages are there? 


A i 

Everything related to servlets 
(but excluding JSP stuff) is in either 
javax.servlet or javax.servlet.http. 

And it’s easy to tell the difference... 
things that have to do with HTTP is 
in the javax.servlet.http package, and 
the rest (generic servlet classes and 
interfaces) are in javax.servlet. We’ll 
see JSP-related chapters later in the 
book. 
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serWef initialization 


In the beginning: loading and initializing 

The servlet starts life when the Container finds the servlet class file. 
This virtually always happens when the Container starts up (for 
example, when you run Tomcat). When the Container starts, it looks 
for deployed web apps and then starts searching for servlet class files. 
(In the Deployment chapter, we’ll go into more details of how, why, 
and where the Container looks for servlets.) 

Finding the class is the first step. 

Loading the class is the second step, and it happens either on Container 
startup or first client use. Your Container might give you a choice about 
class loading, or it might load the class whenever it wants. Regardless 
of whether your Container gets the servlet ready early or does it just- 
in-time when the first client needs it, a servlet’s service() method will not 
run until the servlet is fully initialized. 


Your servlet is always 
loaded and initialized 
BEFORE it can service 
its first client request. 


init() always completes before the first call to service() 



FLEX YOUR hlND 

Why is there an init() method? In other 
words, why isn’t the constructor enough for 
initializing a servlet? 


What kind of code would you put in the init() 
method? 


Hint: the init() method takes an object 
reference argument. What do you think the 
argument to the init() method might be, and 
how (or why) would you use it? 
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request and response 


does not exist 


Servlet Initialization: 

when an object becomes a servlet 


I constructor \ 
VJnitQ y 


▲ 


destroy() 



serviceQ 


丁 “ 七 () 一 : W W :。 



The proudest moment of my life is 
when the Grand Master Container makes 
me a servlet, by making a ServletConfig for me, and 
calling my init(). Before that, I’m just an ordinary object. 
But as a servlet, I have special privileges (besides the 
secret handshake), like the ability to log events, 
get references to other resources, and store 
attributes for other servlets... 





A servlet moves from does not exist to initialized (which 
really means ready to service client requests), beginning with a 
constructor. But the constructor makes only an object, not 
a servlet. To be a servlet, the object needs to be granted 
servletness. 

When an object becomes a servlet, it gets all the unique 
privileges that come with being a servlet, like the ability to 
use its ServletContext reference to get information from the 
Container. 

Why do we care about initialization details? 


Because somewhere between the constructor and the init() 
method, the servlet is in a Schroedinger’s* servlet state. You 
might have servlet initialization code, like getting web app 
configuration info, or looking up a reference to another part 
of the application, that will fail if you run it too early in the 
servlet’s life. It’s pretty simple though, if you remember to put 
nothing in the servlet’s constructor! 

There’s nothing that can’t wait until init(). 


* If your quantum mechanics is a little rusty—you might want to do a Google search 
on “Schroedinger’s Cat". (Warning: pet lovers, just don’t go there.) When we refer 
to a Schroedinger state, we mean something that is neither fully dead or fully alive, 
but in some really weird place in between. 
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ServletConfig and ServletContext 


What does fi being a servlet 9 buy you? 


What happens when a 
servlet goes from this: 


object 




o 







① A ServletConfig object 


■ 


Watch it! 


Don，t confuse 
ServletConfig 
parameters with 
ServletContext 
parameters! 


We don’t really talk about these until 
the next chapter, but so many people 
qet them confused that we want to 

plant the seed early: pay attention to 

the differences. 

Start by looking at the names: 
ServletConfig has the word config m 
it for “configuration”. It’s about deploy¬ 
time values you ! ve configured for the 
servlet (one per servlet). Things your 
servlet might want to access that you 
don’t want to hard code, like maybe a 

database name. 

ServletConfig parameters won t 
change for as long as this servlet is 
deployed and running. To change 
them, you } ll have to redeploy the 
servlet. 

ServletContext should have been 
named AppContext (but they didn t 
listen to us), because there’s only one 
per web app, NOT one per serv et. 
Anyway, well get into all this in the 
next chapter—this is just a heads-up. 


■ 


■ 


■ 


② A 


■ 


■ 


■ 


■ 


One ServletConfig object per servlet. 

Use it to pass deploy-time information to the servlet (a 
database or enterprise bean lookup name, for example) 
that you don’t want to hard-code into the servlet (servlet 
init parameters). 

Use it to access the ServletContext. 

Parameters are configured in the Deployment Descriptor. 


ServletContext 


One ServletContext per web app. (They should have named it 
AppContext.) 

Use it to access web app parameters (also configured in the 
Deployment Descriptor). 

Use it as a kind of application bulletin-board, where you can 
put up messages (called attributes) that other parts of the 
application can access (way more on this in the next chapter). 

Use it to get server info, including the name and version of the 
Container, and the version of the API that’s supported. 
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request and response 


Put a Servlefs REAL job is to handle requests. 
Thafs when a servlet's life has meaning. 


In the next chapter we’ll look at ServletGonfig and ServletGontext, but for 
now, we’re digging into details of the request and response. Because the 
ServletGonfig and ServletGontext exist only to support your servlet’s One 
True Job: to handle client requests! So before we look at how your context 
and config objects can help you do your job, we have to back up a little and 
look at the fundamentals of the request and response. 

You already know that you’re handed a request and response as arguments 
to the doGet() or doPost() method, but what powers do those request and 
response objects give you? What can you do with them and why do you care? 


Iharpen your pencil 


Label the missing pieces (the 
empty boxes) of this lifecycle 
timeline. (Check your answers with 
the timeline shown earlier in this 
chapter.) 

Add your own annotations as well 
to help you remember the details. 


Web Container 


Servlet Class Servlet Object 



101101 ^ 

101101 
10101000010 
1010 10 0 
01010 1 
1010101 
10101010 
1001010101 


AServlet.class 
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Request and Response 


Request and Response: the key to everything, 
and the arguments to service0* 


ServletRequest interface 

(javax.servlet.ServletRequest) 


ServletResponse interface 

(javax.servlet.ServletResponse) 


HttpServletRequest interface 

(javax.servlet.http.HttpServletRequest) 

_I_ 


《 interface 〉〉 

HttpServletRequest 


getContextPath(): String 
getCookiesf) : Cookie[] 
getHeader(String) : String 
getQueryString() : String 
getSession(): HttpSession 
getMethod() : String 
//MANYmore methods... 


V^cadcv-s, a^d session. 


《 interface 〉〉 


〈〈 interface 〉〉 

ServletRequest 


ServletResponse 

getAttribute(String) : Object 


getBufferSize() : int 

getConteritLength() : int 


setContentType(String): void 

getlnputStream() : ServletlnputStream 


setContentLength(int): void 

getLocalPort() : int 


getOutputStream() : ServletOutputStream 

getParameter(String) : String 


getWriter() : PrintWriter 

getParameterNames() : Enumeration 


//MANYmore methods... 

II many more metnods … 



HttpServletResponse interface 

(javax.servlet.http.HttpServletResponse) 

I 


《 interface 〉〉 

HttpServletResponse 


addCookie(Cookie) : void 
addHeader(String name, String value) : void 
encodeRedirectURL(String url) : String 
sendError(int): void 
setStatus(int) : void 
//MANYmore methods... 


3 took ^ header. 


The request and response objects are also arguments to the other 
HttpServlet methods that you write — doGet(), doPost(), etc. 
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^iierei^ireaio 

Dumb Questions 

Who implements the interfaces for HttpServletRequest 
and HttpServletResponse? Are those classes in the API? 


The Container, and No. The classes aren’t in the API because 
they’re left to the vendor to implement. The good news is, you 
don’t have to worry about it. Just trust that when the serviceO 
method is called in your servlet, it’ll be handed references to 
two perfectly good objects that implement HttpServletRequest 
and HttpServletResponse. You should never care about the 
actual implementation class name or type. All you care about 
is that you’ll get something that has all the functionality from 
HttpServletRequest and HttpServletResponse. 

In other words, all you need to know are the methods you can call 
on the objects the Container gives you as part of the request! 

The actual class in which they’re implemented doesn’t matter to 
you — you’re referring to the request and response objects only by 
the interface type. 

o ： 

Am I reading this UML correctly? Are those interfaces 
extending interfaces? 

A • 

X^ # Yes. Remember, interfaces can have their own inheritance 
tree. When one interface extends another interface (which is all 
they can do — interfaces can’t implement interfaces), it means 
that whoever implements an interface must implement all the 
methods defined in both the interface and its superinterfaces. This 
means, for example, that whoever implements HttpServletRequest 
must provide implementation methods for the methods declared 
in the HttpServletRequest interface and the methods in the 
ServletRequest interface. 

o ： 

I’m still confused about why there’s a GenericServlet 
and ServletRequest and ServletResponse. If nobody's doing 
anything except HTTP servlets... then what’s the point? 

A I 

We didn’t say nobody. Somebody, somewhere, one could 
imagine, is using the servlet technology model without the HTTP 
protocol. Just nobody we’ve met personally or read about. Ever. 

Still, the flexibility was designed into the servlet model for those 
who might want to use servlets with, say, SMTP or perhaps a 
proprietary custom protocol. The only support built-in to the API, 
though, is for HTTP, and that’s what virtually everyone’s using. 


The exam doesn’t 
expect you to know 
how to develop with 
non-HTTP servlets. 

You’re not expected to know anything 
about how you might use servlets with 
a protocol other than HTTP. You are, 
however, still supposed to know how 
the class hierarchy works. So you DO 
have to know that HttpServletRequest 
and HttpServletResponse extend from 
ServletRequest and ServletResponse, 
and that most of an HttpServlet’s 
implementation actually comes from 
GenericServlet. 

But that’s it The exam assumes you’re 
an HttpServlet developer. 
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HTTP Methods 


The HTTP request Method determines 
whether do&ctO or doPostO ruws 


The client’s request, remember, always includes a specific 
HTTP Method. If the HTTP Method is a GET, the service() 
method calls doGet(). If the HTTP request Method is a 
POST, the serviceQ method calls doPostQ. 


You keep showing 
doGet() and doPost() 
like they re the only ones... 
but I KNOW there are eight 
methods in HTTP 1.1. 


GET /select/selectBeerTaste. 

jsp ?color=dark&taste=malty 

HTTP/1-1 

Host- www.wickedlysmart.com 

uS ： Agent: _ 
ppc Mac OS X I 

200 C 30624 Ne J ST /advi ^r/selectBee 

Accept: text/xj do 

hTml ； q=0-9-4 Us°er-AglTMo ke [J ，y / Smart - COm 

z c ck ： r osx 二 2 =:: 

ACCept_La l f 0 删 24 Netscape/7 ! 

— - ^ : ⑽仙 U PP U_ cation/ 

HTTP requests 



You probably won’t care 
about any HTTP Methods 
except GET and POST 

Yes, there are other HTTP 1.1 Methods 
besides GET and POST. There’s also 
HEAD, TRACE, OPTIONS, PUT, 
DELETE, and CONNECT. 

All but one of the eight has a matching 
doXXX() method in the Http Servlet 
class, so besides doGet() and doPost(), 
you’ve got doOptions(), doHead(), 
doTrace(), doPut(), and doDelete(). 

There’s no mechanism in the servlet API 
for handling doGonnect(), so it’s not part 
of HttpServlet. 

But while the other HTTP Methods might 
matter to, say, a web server developer, a 
servlet developer rarely uses anything but 
GET and POST 


For most (or probably all) servlet 
development, you’ll use either doGet() 
(for simple requests) or doPost() (to 
accept and process form data), and you 
won’t have to think about the others. 
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request and response 


So if they're not 
important to me... of 
COURSE that means 
they'll be on the 
exam. 



Actually, owe or more of the other 
HTTP Methods might make a (brief) 
appearance on the exam... 

If you’re preparing for the exam, you should be able to 
recognize all of them from a list, and have at least the briefest 
idea of what they’re used for. But don’t spend much time here! 


In the real servlet world, you care about GET and POST. 

In the exam world, you care just a tiny bit about the other 
HTTP Methods as well. 


GET Asks to get the thing (resource / file) at the requested URL 

POST Asks the server to accept the body info attached to the request, and 

give it to the thing at the requested URL It’s like a fat GET... a GET with 
extra info sent with the request. 


HEAD Asks for only the header part of whatever a GET would return. So it’s 

just like GET, but with no body in the response. Gives you info about 
the requested URL without actually getting back the real thing. 


Example d vespo^se *to 

HTTP OPTION 


HTTP/1.1 200 OK 
Server: Apache-Coyote/ 1.1 
Date: Thu, 20 Apr 2004 
16:20:00 GMT 

Allow: OPTIONS, TRACE, 

GET, HEAD, post 

Content-Length: 0 


TRACE Asks for a loopback of the request message, so that the client can see 

what’s being received on the other end, for testing or troubleshooting. 

PUT Says to put the enclosed info (the body) at the requested URL 

DELETE Says to delete the thing (resource / file) at the requested URL 

OPTIONS Asks for a list of the HTTP methods to which the thing at the 

requested URL can respond. 

CONNECT Says to connect for the purposes of tunneling. 


you are here ► 


109 






GET and POST 


The difference between &ET and POST 


POST has a body. That’s the key. Both GET and POST can 
send parameters, but with GET, the parameter data is limited 
to what you can stuff into the Request line. 


TW 




The Request 
headers. 




The HTTP 

method. 


: h s :； 匕 ihc 

Wei) 


JOU ^ o, ihc 




tYS 卜 1 











is 






OV/SCY' 





GET /select/selectBeerTaste.jsp?color=dark&taste=malty HTTP/1.1 
Host: www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/ 
20030624 Netscape/7.1 

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/ 

plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1 

Accept-Language: en-us,en;q=0.5 

Accept-Encoding: gzip,deflate 

Accept-Charset: ISO-8859-1 ,utf-8;q=0.7,*;q=0.7 

Keep-Alive: 300 

Connection: keep-alive 


HTTP 

method. 







Thc pHh. 


NO Irc^ucs-t 

P^^rhC-tcirs up hcv-c. 




POST /advisor/selectBeerTaste.do HTTP/1.1 




TV^c 




The Rc^ucs-t 
headev-s. 



钟 a 


V>oAl) 

a\\^ 



Host: www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/ 
20030624 Netscape/7.1 


Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/ 
plain;q=0.8,video/x-mng,image/png,image/j peg,image/gif;q=0.2, */*;q=0.1 
Accept-Language: en-us,en;q=0.5 
Accept-Encoding: gzip,deflate 
Accept-Charset: ISO-8859-1 ,utf-8;q=0.7,*;q=0.7 
Keep-Alive: 300 
Connection: keep-alive 


color=dark&taste=malty 
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request and response 


Sounds like the 
difference between GET 
and POST is the size of 
the parameter data you 
can send? 


O 

o 



No, it's wot just about the size 

We talked about other issues with GET in chapter one, remember? 

When you use GET, the parameter data shows up in the browser’s 
input bar, right after actual URL (and separated with a 
Imagine a scenario in which you would not want the parameters to 
be visible. 


f=k r> rs 








http://wickedlysmart.com/topSecret/myServlet.do?name=cowgirl&password=hidalgo 




So, security might be another issue. 

Still another issue is whether you need or want end-users to 
be able to bookmark the request page. GET requests can be 
bookmarked; POST requests cannot. That might be really 
important if you have, say, a page that lets users specify search 
criteria. The users might want to come back a week later and try 
the same search again now that there’s new data on the server. 

But besides size, security, and bookmarking, there’s another crucial 
difference between GET and POST — the way they’re supposed 
to be used. GET is meant to be used for getting things. Period. 
Simple retrieval. Sure, you might use the parameters to help figure 
out what to send back, but the point is — you’re not making any 
changes on the server! POST is meant to be used for sending data 
to be processed. This could be as simple as query parameters used 
to figure out what to send back, just as with a GET, but when you 
think of POST, think: update. Think: use the data from the POST 
body to change something on the server. 

And that brings up another issue... whether the request is 
idempotent. If it’s not, you could get into the kind of trouble a little 
blue pill can’t fix. If you’re not familiar with the way the term 
“idempotent” is used in the web world, keep reading... 
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the non-idempotent request 


The story of the wow-idempotewt request 

Diane has a need. She’s trying desperately to purchase Head First Knitting 
from the Wickedly Smart online book shop which, unbeknownst to Diane, is still 
in beta. Diane’s low on money — she has just enough in her debit account to cover 
one book. She considered buying directly from Amazon or the O 5 Reilly.com site, 
but decided she wanted an autographed copy, available only from the Wickedly 
Smart site. A choice she would later come to regret... 



0 Diane hits the CHECKOUT 
button. (She submitted her 
bank account info earlier.) 


Browser sends an HTTP 
request to the server with 
the book purchase info and 
Dianes customer ID number. 



The Container sends the 
request to the Checkout 
servlet for processing. 



Wickedly Smarfs Web 
Server/Container 


② 


Servlet electronically debits 
Dianes bank account. 



③ 


Servlet updates the database 
(takes the book out of inventory, 
creates a new shipping order, etc.). 



④ 


Servlet does NOT 
send an obvious 
response, so Diane 
still sees the same 
shopping cart page 
and thinks... 
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Browser sends an HTTP 
request to the server with 
the book purchase info and 
Dianes customer ID number. 



tel 




u 


Wickedly Smarfs Web 
Server/Container 





























































request and response 


Our story continues... 


⑤ 


The Container sends the 
request to the Checkout 
servlet for processing. 



I—^ 

Wickedly Smarfs Web 
Server/Container 


⑥ 


The servlet does not have a 
problem with Diane buying the 
same book she bought before. 



⑦ 


Servlet electronically debits Dianes 
bank account for the second time. 



⑧ 


Dianes bank accepts the debit, but 
charges her a hefty overdraft fee. 



⑤ 


Remote bank 
account server 


Eventually Diane 
navigates to the 
Check Order Status 
page and sees 
that she has TWO 
orders for the 
knitting book... 



This is not right... I 
meant to buy only ONE book. 
What stupid web app developer 
made THIS? It should have 
recognized a duplicate 
O V transaction... 


⑩ 
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HTTP methods 



Which of the HTTP methods do you think are (or 
should be) idempotent? (Based on your previous 
understanding of the word and/or the Diane double¬ 
purchase story you just read.) Answers are at the 
bottom of this page. 

□ GET 

□ POST 

□ PUT 

□ HEAD 

(We left off CONNECT deliberately, since it’s not part of 
HttpServlet.) 



FLEX YOUR MIND 


What went wrong with Diane’s transaction? 

(And it’s not just ONE thing... there are probably 
several problems the developer must fix.) 


What are some of the ways in which a developer 
could reduce the risk of this? 

(Hint: they might not all be programmatic 
solutions.) 


■ 08 ds 1/1 d 丄丄 H 


0111 Aq )U3)odiu9p! pai9p!suoo jou s! 丄 S0d (i ( up|noi|s jnq) yasjnoA 


P0LH8LU () ； 8Q0p ； U8 ； 0 ； LU8P!-U0U B 8；UM NVO noA L|6nOLH U8A8 
f ； U810dLU8p! SB 丄 fid PUB ‘CV 彐 H ‘ 丄彐 O S8JB|08p 08dS I'I d 丄丄 H 9l | 丄 
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request and response 



Being idempotent is GOOD. It means 
you can do the same thing over and over 
again，with no unwanted side effects! 


Idempotent 


-—- 

GET D 



• • • 




Client 


Servlet 

Servlet sends back a response 
with a generated HTML page. 


NOT Idempotent 



Servlet uses the POST 
data to update the 
database. 



Servlet 

Servlet sends back a response 
with a generated HTML page. 
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idempotent requests 


POST is wot idempotent 

An HTTP GET is just for getting things, and it’s not 
supposed to change anything on the server. So a GET 
is, by definition (and according to the HTTP spec) 
idempotent. It can be executed more than once 
without any bad side effects. 

POST is not idempotent — the data submitted in the 
body of a POST might be destined for a transaction 
that can’t be reversed. So you have to be careful with 
your doPostQ functionality! 


GET is idempotent. POST is not. 

It’s up to you to make sure that your web 
app logic can handle scenarios like Diane’s ， 
where the POST comes in more than once. 



GET is always 

considered 
idempotent in 

HTTP 1-1 — 

...even if you see code on 
the exam that uses the GET 
parameters in a way that causes 
side-effects! In other words, GET 
is idempotent according to the 
HTTP spec. But there’s nothing 
to stop you from implementing a 
non-idempotent doGet() method 
T^^ol /厂 servlet. The client s 
GET request is supposed to be 
idempotent, even if what YOU do 
with the data causes side-effects. 
Always keep in mind the difference 
between the HTTP GET method 
an d your servlet’s doGetQ method. 


Mote' *thc\rc av-c scvcv-al uses of v/ovd 

v/cVc usrnj i*t m HTTP/sc\rvlc*t way 

io s3n\c v-c^ucs-t be made *tv/idc v/i*th 

y\o negative 匕灼 dcs o 灼 -the scv-vcv. IVlc do 
use “idcrwpotcirrt” *to r»\ed^ Sdme VC^UCS-t dlv/dys 

\rc*tu\nr\s same response, Br\d we do HOT B 

v-c«\ucs*t has MO side effects. 
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request and response 


What determines whether the 
browser sends a &ET or POST request? 


GET 




<A HREF= 〃 http://www.wickedlysmart.com/index.html/〃>click here</A> 


POST 


you explicitly 

^ swrphsmgly, |仏 a p 沉 T 


<form method="POST" action=’’SelectBeer • do’’> 


Select beer characteristics<p> 
<select name= 〃 color 〃 size= 〃 l〃> 


<option>light 

<option>amber 


<option>brown 
<option>dark 
</select> 


<center> 

<input type=’’ 
</center> 



SUBMIT〃> 


</form> 




What happens if you do NOT say wethod^POST" in your <forw>? 


<form action= 〃 SelectBeer•do〃> 


Select beer characteristics<p> 
<select name= 〃 color 〃 size= 〃 l〃> 


<option>light 
<option>amber 
<option>brown 
<option>dark 
</select 〉 

<center> 

<input type=’’SUBMIT’’> 
</center 〉 

</form> 


N0 W^aUa^^ tVitks 

〆 

d wC*t^od- 


w pOST )， ? 
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forms and TP 


POST is NOT the default! 


If you don’t put method=“POST” into your form, the default 
is an HTTP GET request. That means the browser sends the 
parameters in the request header, but that’s the least of your 
problems. Because if the request comes in as a GET, that means 
you’ll run into big trouble at runtime if you have only a doPost() 
and not a doGet() in your servlet! 

If you do this: 


<form action= 〃 SelectBeer•do〃> 





And then this: 

public class BeerSelect extends HttpServlet { 

public void doPost (HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException 

// code here 




… ithe sc\rvlci. 


You’ll get this: 


FAILURE! If your HTML form uses GET instead of 
POST, then you MUST have doGet() in your servlet 
class. The default method for forms is GET. 


o ： 

What if I want to support both 
GET and POST from a single servlet? 


A! 

Developers who want to 
support both methods usually put 
logic in doGet(), then have the 


doPostO method delegate to the 
doGet() method if necessary. 

public void doPost(...) 

throws ... { 

doGet(request, response); 
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request and response 


Sending and using a smgle parameter 


HTML form 


<form method= 〃 POST 〃 action= 〃 SelectBeer•do〃> 

Select beer characteristics<p> 

〈select name="color" size="l"> 
<option>light 
<option>amber 
<option>brown 
<option>dark 
</select> 

<center> 

<input type: 

</center> 

</form> 


• I! ^csc W 听七•，⑽ s 

ss 如以一 d 


SUBMIT〃> 


HTTP POST request 


POST /advisor/SelectBeer.do HTTP/1.1 


Host: www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-0; en-US; rv:1.4) Gecko/20030624 


Netscape/7.1 


Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x- 
m ng,i mage/png,i mage/j peg,image/gif;q=0.2,*/*;q=0.1 
Accept-Language: en-us,en;q=0.5 


Accept-Encoding: gzip,deflate 
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 
Keep-Alive: 300 

Connection: keep-alive 



“ 加 ― the browse, this 




) 

s 


Servlet class 


public void doPost (HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException 
String colorParam = request. getParameter (''color A, )； 

// more enlightening code here... 


Oh this example, the SVmg 
^oloirRairam has a value w da^k w ) 


个 

TW»s i\\t 
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form parameters 


Sending awd using TWO parameters 


HTML form 


I '： 一 


<form method= 〃 POST 〃 action= 〃 SelectBeerTaste•do〃> 

Select beer characteristics<p> 

COLOR: 

〈select name="color" size="l"> 

<option>light 飞 一 . • _一 “••11 ov\t 七 hese < 0 ^ 

<option>amber 
<option>brown 
<option>dark 
</select> 

BODY: 

〈select name="body" size="l"> 

<option>light 

h thc associated with the 


u 6 olo)r ，) » 


<option>medium 
<option>heavy 

</select> 

<center> 

<input type= 〃 SUBMIT〃> 
</center> 

</form> 




op-fciohs 

U body ". 


HTTP POST request 


POST /advisor/SelectBeerTaste.do HTTP/1.1 
Host: www.wickedlysmart.com 

User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 
Netscape/7.1 

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x- 

m ng,i mage/png,i mage/j peg,image/gif;q=0.2,*/*;q=0.1 

Accept-Language: en-us,en;q=0.5 

Accept-Encoding: gzip,deflate 

Accept-Charset: ISO-8859-1 ,utf-8;q=0.7,*;q=0.7 

Keep-Alive: 300 


Connection: keep-alive 


^co\or=t 


lor=dark&body=heavv, 




Servlet class 


public void doPost (HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


String colorParam = request. getParameter (''color ^)； 
String bodyParam = request. getParameter (''body^); 

// more code here 


Wow the StHhg variable ^olov-Pa^m 

bodyPa^r, 

has a value o-r “heavy' 
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request and response 


W^cKit! 


You can have thaf^rns^n* 

_I 為 …， ^ ,nnr\rc^ ihpin nnft VdlUQ- I 


wc^tvxL xv. array, insteaa oi gei.^«« ', 

So — 二 ?: 二二： 

means a single parameter (sizes ,for examp ； can se , ec t multiple beer 

<form method=POST 

ac tion="SelectBeer.d 0 "> . 

Select beer characteristics p 

Can Sizes: <P> — ^lue="12oz"> 12 oz.<br> 

〈input type=checkbox name-si va ]_ ue ="16oz"> 16 oz .<br> 

〈input type=checkbox name=si value ="22oz"> 22 oz.<br> 

<input type^checkbox name^sxzes value 

<br><br> 

<center> 

〈input type =,/ SUBMIT > 

</center> 

</form> 

ln your co de , you, use th e getP a 瓣⑽胁 _ 卽轉 . 

Strxng one = request .getParameterValues (''sizes-) [0]; 

String □ s.zes = 鄉 est.g 砂 — ^esrsi 邮卞 

lf you want to see everything in t h e array, just for fun or testing, you can use: 

String [] sizes = revest. getPar^ete^^ ； 

for(int x=0; x < sizes.length ) ^ 

out.println(''<br>sizes. + slzesL J, 

(assume that "ouf is a PrintWriter you got from the response) 
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the HttpServletRequest object 


besides parameters, what else 
caw 丨 get from a Request object? 


The ServletRequest and HttpServletRequest interfaces have a ton 
of methods you can call, but you don’t need to memorize them all. 

On your own, you really should look at the full API for javax.servlet. 
ServletRequest and javax. servlet.http.Http ServletRequest, but here 
we’ll look at only the methods you’re most likely to use in your work 
(and which might also show up on the exam). 

In the real world, you’ll be lucky (or 廳 lucky, depending on your 
perspective), to use more than 15% of the request API. Don } t worry if 
you aren’t clear about how or why you^d use each of these] we’ll see 

more details on some of them (especially cookies) later in the book. 


The client’s platform and browser info 


String client = request. getHeader (''User-Agent A, ); 


The cookies associated with this request 


ServletRequest interface 

(javax.servlet.ServletRequest) 


《 interface 〉〉 

ServletRequest 

getAttribute(String) 

getContentLength() 

getlnputStream() 

getLocalPort() 

getRemotePortf) 

getServerPortf) 

getParameter(String) 

getParameterValues(String) 

getParameterNames() 

//MANYmore methods... 


Cookie [ ] cookies = request. getCookies (); 


The session associated with this client 


HttpSession session — request • getSession (); 


The HTTP Method of the request 


String theMethod = request. getMethod (); 


An input stream from the request 


工 nputStream input = request. getlnputStream (); 


HttpServletRequest interface 

(javax.servlet.http. HttpServletRequest) 


《 interface 〉〉 

HttpServletRequest 

getContextPath() 

getCookies() 

getHeader(String) 

getlntHeader(String) 

getMethod() 

getQueryString() 

getSession() 

II MANY more methods... 
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request and response 




^Jiereiqrejio 

Dumb Questions 


Why would I ever want to get an InputStream from the request? 


A • 

With a GET request, there’s nothing but the request header info. In other words, 
there's no body to care about. BUT... with an HTTP POST, there's body info. Most of the 
time, all you care about from the body is sucking out the parameter values (for example, 
"color=dark”）using request.getParameter(), but those values might be large. It is also 
possible to create a servlet that proceses a computer-driven request in which the body 
of the request holds textual or binary content to be processed. In this case you can use 
the getReader or getlnputStream methods. These streams will only contain the body of 
the HTTP request and not the headers. 




What’s the difference between getHeaderO and get/nfHeader()? Far as I can 
tell, headers are always Strings! Even the getlntHeader() method takes a String 
representing the name of the header, so what's the int about? 


A • 

Headers have both a name (like "User-Agent" or "Host") and a value (like 
"Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv: 1.4) Gecko/20030624 
Netscape/7.1" or “www.wickedlysmart.com”）. The values that come back from 
headers are always in a String form, but for a few headers, the String represents a 
number. The “Content-Length” header returns the number of bytes that make up the 
message-body. The “Max-Forwards” HTTP header, for example, returns an integer 
indicating how many router hops the request is allowed to make. (You might want to 
use this header if you’re trying to trace a request that you think is getting stuck in a 
loop somewhere.) 

You could get the value of the “Max-Forwards” header by using getHeaderO ： 


String forwards 
int forwardsNum 


request. getHeader (''Max-Forwards A, )； 

工 nteger•parselnt(forwards); 


And that works fine. But if you /enow the value of the header is supposed to represent 
an int, you can use getlntHeader() as a convenience method to save the extra step of 
parsing the String to an int: 

int forwardsNum = request. get JntHeader (''Max-Forwards^); 


getServerPort(), getLocalPort(), 

ThP aetServerPortO should be obvious... until you 

: l1!tgloceiPort() means. So lers dotheeasy 
one first: getRemotePort(). F/rsf you shouW as ^ 

Teans "getTe dlenfspoTln fmr words, the port 

====== 


and getRemotePortO are confusing! 

The difference between getLocalPort() and 
aetServerPortO is more subtle—getServerPo 0 
says il to which port was the request ong/najy SENT. 
w L e netLocalPortO says，“on which port did the 
request END UP? !, Ves, there’s a difference, ^cause 
although the requests are sent to a single po (w 
the server is listening), the server turns aroandand 
finds a different local port for each thread so that 
app can handle multiple clients at the same time. 
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lifecycle review 


Review: servlet lifecycle and API 


— BULLET POINTS_ 

■ The Container initializes a servlet by loading the class, 
invoking the servlet’s no-arg constructor, and calling the 
servlet’s init() method. 

■ The init() method (which the developer can override) is 
called only once in a servlet’s life, and always before the 
servlet can service any client requests. 

■ The init() method gives the servlet access to the Serv- 
letConfig and ServletContext objects, which the servlet 
needs to get information about the servlet configuration 
and the web app. 

■ The Container ends a servlet’s life by calling its destroy 。 
method. 

■ Most of a servlet’s life is spent running a service() method 
for a client request. 

■ Every request to a servlet runs in a separate thread! 

There is only one instance of any particular servlet class. 

■ Your servlet will almost always extend javax.servlet.http. 
HttpServlet, from which it inherits an implementation of 
the service() method that takes an HttpServletRequest 
and an HttpServletResponse. 

■ HttpServlet extends javax.servlet.GenericServlet—an 
abstract class that implements most of the basic servlet 
methods. 

■ GenericServlet implements the Servlet interface. 

■ Servlet classes (except those related to JSPs) are in one 
of two packages: javax.servlet or javax.servlet.http. 

■ You can override the init() method, and you must override 
at least one service method (doGetQ, doPost(), etc.). 


〈〈 interface 〉〉 

javax.servlet Servlet 

service (ServletRequest, ServletResponse) 

init(ServletConfig) 

destroy() 

getServletConfig() 

getServletlnfo() 

I 


javax.servlet.GenericServlet 

service(ServletRequest, ServletResponse) 
init(ServletConfig) 

init() 

destroy () 

getServletConfig () 

getServletlnfo() 

getlnitParameter(String) 

getlnitParameterNames() 

getServletContext() 

log(String) 

log(String, Throwable) 



ST 

javax.servlet.http.HttpServlet 


service (HttpServletRequest, HttpServletResponse) 

service (ServletRequest, ServletResponse) 
doGetfHttpServletRequest, HttpServletResponse) 
doPost(HttpServletRequest, HttpServletResponse) 
doHeadfHttpServletRequest, HttpServletResponse) 
doOptions(HttpServletRequest, HttpServletResponse) 
doPut(HttpServletRequest, HttpServletResponse) 
doTracefHttpServletRequest, HttpServletResponse) 
doDelete(HttpServletRequest, HttpServletResponse) 
getLastMod ified (HttpServletRequest) 


com.wickedlysmart.examples.MyServlet 

doPost(HttpServletReq uest, HttpServletResponse) 
myBizMethodQ 


124 chapter 4 



















request and response 


Review: HTTP awd HttpScrvIctRcqucst 


— BULLET POINTS_ 

■ The HttpServlet’s doGet() and doPost() methods take an 
HttpServletRequest and an HttpServletResponse. 

■ The service() method determines whether doGet() or 
doPost() runs based on the HTTP Method (GET, POST, 
etc.) of the HTTP request. 

■ POST requests have a body; GET requests do not, 
although GET requests can have request parameters 
appended to the request URL (sometimes called “the 
query string”). 

■ GET requests are inherently (according to the HTTP 
spec) idempotent. They should be able to run multiple 
times without causing any side effects on the server. GET 
requests shouldn’t change anything on the server. But 
you could write a bad, non-idempotent doGet() method. 

■ POST is inherently not idempotent, so it’s up to you to 
design and code your app in such a way that if the client 
sends a request twice by mistake, you can handle it. 

■ If an HTML form does not explicitly say “method=POST ”， 
the request is sent as a GET, not a POST. If you do not 
have a doGet() in your servlet, the request will fail. 

■ You can get parameters from the request with the 
getParameter(“paramname” ） method. The return value is 
always a String. 

■ If you have multiple parameter values for a given param¬ 
eter name, use the getParameterValues(“paramname ”） 
method that returns a String array. 

■ You can get of/?er things from the request object including 
headers, cookies, a session, the query string, and an 
input stream. 


ServletRequest interface 

(javax.servlet.ServletRequest) 

〈〈 interface 〉〉 

ServletRequest 

getAttribute(String) 

getContentLength() 

getlnputStream() 

getLocalPort() 

getRemotePort() 

getServerPort() 

getParameter(String) 

getParameterValues( String) 

getParameterNames() 

II MANY more methods... 



HttpServletRequest interface 

(javax.servlet.http. HttpServletRequest) 

_L__ 

〈〈 interface 〉〉 

HTTPServletRequest 

getContextPath() 

getCookies() 

getHeader(String) 

getlntHeader(String) 

getMethod() 

getQueryString() 

getSession() 

//MANYmore methods... 
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the HttpServletResponse object 


So that's the Request... 
wow let's seethcRcspowse 

The response is what goes back to the client. The 
thing the browser gets, parses, and renders for the 
user. Typically, you use the response object to get 
an output stream (usually a Writer) and you use that 
stream to write the HTML (or some other type of 
content) that goes back to the client. The response 
object has other methods besides just the I/O 
output, though, and we’ll look at some of them in a 
bit more detail. 


ServletResponse interface 

(javax.servlet.ServletResponse) 




HttpServletResponse interface 

(javax.servlet. http. HttpServletResponse) 

I 

《 interface 》 

HttpServletResponse 

addCookie() 
addHeader() 
encodeURL() 
sendError() 
setStatus() 
sendRedirect() 

//MANYmore methods... 


these -to©... 


use 


TV^csc avc some 

w0 st to— 命 ' 


〈〈 interface 〉〉 

ServletResponse 


getBufferSize() 

setContentType() 
getOutputStream() 
getWriter() 

setContentLength() 
//MANYmore methods. 


Most of Ae time, you use Ae 
Response just to send data 
bact to ihe client. 

You call two mediods on ihe 
response- setContentTypeQ 
and getWriterQ. 

After Aat, you’re simply 

doing I/O to write HTML (op 
sometong else) to Ae stream. 

But you can also use ike 
response to set other headers, 
Send errors, and add cookies. 
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request and response 


Wait a minute... I 
thought we weren*t going 
to send HTML from a servlet 
because ifs so ugly to format 
it for the output stream... 



Using the response for I/O 

OK, yes, we should be using JSPs rather than 
sending HTML back in the response output 
stream from a servlet. Formatting HTML to 
stick in an output stream’s println() method 
hurts. 

But that doesn’t mean you’ll never have to 
work with an output stream from your servlet. 

Why? 

1) Your hosting provider might not support 
JSPs. There are plenty of older servers and 
containers out there that support servlets but 
not JSPs, so you’re stuck with it. 

2) You don’t have the option of using JSPs for 
some other reason, like, you have an incredibly 
stupid manager who won’t let you use JSPs 
because in 1998 his brother-in-law told him 


that JSPs were bad. 


3) Who said that HTML was the only thing you 
could send back in a response? You might send 
something other than HTML back to the client. 
Something for which an output stream makes 
perfect sense. 

Turn the page for an example... 
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sending bytes in the Response 


Imagine you want to send a JAR to the client... 

Let’s say you’ve created a download page where the client can get code 
from JAR files. Instead of sending back an HTML page, the response 
contains the bytes representing the JAR. You read the bytes of the JAR file, 
then write them to the response’s output stream. 


① 


Diane is desperate to download the 
JAR of code for the book she's using 
to learn servlets and JSPs. She 
navigates to the book’s website and 
clicks the ''code jar" link, which refers 
to a servlet named 、、 Code.do〃. 


Browser sends an HTTP 
request to the server with 
the name of the requested 
servlet ( 、、 Code.do 〃） 


The Container sends the 
request to the CodeReturn 
servlet (mapped to the 
name ''Code.do /, in the DD) 
for processing. 





② 


The JAR starts downloading 
onto the client’s machine. 
Diane is pleased. 


The CodeReturn servlet gets the 
bytes for the JAR, then gets an 
output stream from the response, 
and writes out the bytes 
representing the JAR. 




MR 


response 


down¬ 

loading... 
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request and response 


Servlet code to download the JAR 


// a bunch of imports here 


public class CodeReturn extends HttpServlet { 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 



response. setContentType (''application/jar") 


ServletContext ctx = getServletContext (); 

Inputstream is = ctx.getResourceAsStream(''/bookCode• jar") 




int read = 0; 

byte[] bytes = new byte[1024]; 



丁 


• cavls U (XWC wC ^ 

一 


u 


Outputstream os = response.getOutputStream() 
while ((read = is.read(bytes)) != -1) { 

os.write(bytes, 0, read); 

} 

os .flush (); 



os.close (); 


Wtrts key part, but it's jus 七 flam 
old l/o!! special just rtad 

JAR bytes, y/vi*tc bytes -to 
output 士 ream 七 ha 七 w 
v-cspor\sc object- 


^Jiereifirejio 

Dumb Questions 

Where was the "bookCode.jar” JAR file located? In other 
words, where does the getResourceAsStreamO method LOOK to 
find the file? How do you deal with the path? 


The getResourceAsStreamO requires you to start with a 
forward slash (7”），which represents the root of your web app. 
Since the web app was named JarDownload, then the directory 
structure looks like the directories in the picture. The JarDownload 
directory is inside webapps (as a peer directory to all the other 
web app directories), then inside JarDownload we put the WEB- 
INF directory, and the code JAR itself. So the file"bookCode.jar 〃 
is sitting at the root level of the JarDownload web app. (Don’t 
worry, we’ll go into deep penetrating details about the deployment 
directory structure when we get to the deployment chapter.) 
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content type 


Whoa. Whafs the deal with coyifgyittypg? 

You might be wondering about this line: 

response . setContentType (''application/jar ”）； 

Or at least you should be. You have to tell the browser what you’re sending back, so the 
browser can do the right thing: launch a “helper” app like a PDF viewer or video 
player, render the HTML, save the bytes of the response as a downloaded file, etc. And 
since you’re wondering, yes when we say content type we mean the same thing as MIME 
type. Content type is an HTTP header that must be included in the HTTP response. 


Gos\\, thanks Server. It’s 
nice of you to tell me what 
typeyouresending back. I’ll 
get the Quicktime player 
ready for the video... 


Here’s my response 
to your request. Its type 
is video/quicktime, and in your 
request you said that was OK. 
And despite my trust issues, 
I believed you. 



1 




Client/Browser 


HTTP response 

_/1.l200 0K 


100 ^Wl?r 
1 01 0010010101 
°010100110101 
111101 0100101 
1010101010001 
101 01100111 0 
0001010010010 
^ 1 0101010 11 


o 

0 


1 


Server/Container 


Common MIME types: 

text/html 

application/pdf 

video/quicktime 

application/java 

image/jpeg 

application/jar 

application/octet-stream 

application/x-zip 



You don’t need to memorize a bunch of content types. 

o 

q You should know what setContentType() does, and how you use it, but you 
don’t have to know even the most common content types except text/html 
What you need to know about setContentType() is mostly common sense... 
for example, it won’t do you any good to change the content type 
AFTER you write to the response output stream. Duh. But that does 
mean that you can’t set a content type, write some stuff, and then 
change the content type and write something different But think about 
it — how would the browser deal with that? It can handle only one type of THING at a 
time from the response. 

To make sure everything works correctly, your best practice (and in some cases a 
requirement) is to always call setContentType() first, BEFORE you call the method that 
gives you your output stream (getWriter() or getOutputStream()). That’ll guarantee you 
won’t run into conflicts between the content type and the output stream. 
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request and response 


^therei^xe^m 

Dumb Questions 


o ： 

Why do you have to set the content 
type? Can’t servers figure it out from the 
extension of the file? 


A • 

Most servers can, for static content. 

In Apache, for example, you can set up MIME 
types by mapping a specific file extension 
(.txt, .jar, etc.) to a specific content type, and 
Apache will use that to set the content type 
in the HTTP header. But we’re talking about 
what happens inside a servlet where there IS 
no file! You’re the one who is sending back 
the response; the Container has no idea what 
you’re sending. 

But what about that last example 
where you read a specific JAR file? Can’t the 
Container see that you're reading a JAR? 


A • 

No. All we did from the servlet was 
read the bytes of a file (that just happened to 
be a JAR file), and turn around and write those 
bytes to the output stream. The Container has 
no idea what we were up to when we read 
those bytes. For all it knows we’re reading 
from one type of thing and writing something 
completely different in the response. 


How can I find out what the common 
content types are? 

# Do a Google search. Seriously. New 
MIME types are being added all the time, but 
you can easily find lists on the Web. You can 
also look in your browser preferences for a list 
of those that have been configured for your 
browser, and you can check your Web server 
configuration files as well. Again, you don’t 
have to worry about this for the exam, and it’s 
not likely to cause you much stress in the real 
world either. 


Wait a second... why would you use a 
servlet to send back that JAR file when you 
can just have the web server send it back as 
a resource? In other words, why wouldn't 
you have the user click a link that goes to 
the JAR instead of to a servlet? Can’t the 
server be configured to send back the JAR 
directly without even GOING through a 
servlet? 


Yes. Good question. You COULD 
configure the web server so that the user 
clicks an HTML link that goes to, say, the JAR 
file sitting on the server (just like any other 
static resource including JPEGs and text 
files), and the server just sends it back in the 
response. 

But... we’re assuming that you might have 
other things that you want to do in that 
servlet BEFORE sending back the stream. You 
might, for example, need logic in the servlet 
that determines which JAR file to send. Or 
you might be sending back bytes that you’re 
creating right there on-the-fly. Imagine a 
system where you take input parameters from 
the user, and then use them to dynamically 
generate a sound that you send back. Sound 
that didn’t previously exist. In other words, 
sound that’s not sitting on the server as a file 
somewhere. You just made it up, and now 
you’re sending it back in the response. 

So you’re right, perhaps our example of just 
sending back a JAR sitting on the server is 
a little contrived, but come on... use your 
imagination here and embellish it with all 
sorts of things you might add to make it worth 
being a servlet. Maybe it’s something as 
simple as putting code in your servlet that — 
along with sending back the JAR — writes 
some info to a database about this particular 
user. Or maybe you have to check to see if he’s 
even allowed to download this JAR, based on 
something you first read from the database. 
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PrintWriter and OutputStream 


You've got two choices for output: 
characters or bytes 

This is just plain old java.io, except the ServletResponse interface 
gives you only two streams to choose from: ServletOutputStream 
for bytes, or a PrintWriter for character data. 


> PrintWriter 


Example: 


PrintWriter writer 


response 


getWriter() 


writer. 


println 


(''some text and HTML"); 


Use it for: 


Printing text data to a character stream. Although you 
can still write character data to an OutputStream, this 
is the stream that’s designed to handle character data. 


> OutputStream 


Example 

ServletOutputStream out = response 


getOutputStream () 


out. 


write 


(aByteArray) 


Use it for: 


Writing anything else! 


You MUST 
memorize 
these methods 

You have to know these for the 
exam - An d it，s tricky. Notice that to 

write t0 a Se/v/efOutputStream 

y° u write ()， but to write to a Print- 
Writer you... printlnf)! Its natural 
t 0 assume that you write to a writer, 
but you don’t If you already use 
java.io, then you’ve been down 
this road. But if you haven% just 
remember: ’ 

println() to a PrintWriter 
write() to an ServletOutputStream 

Make sure you remember that 
the meth od names for getting the 
stream or the writer both drop the 
first word in the returned type: 

ServletOutputStream 

respo/?se.^e^OutputStream() 

PrintWriter 
response. getWriterf) 

You ne ed to recognize WRONG 
method names like: 


im 


m) 


-bV^csc avc 


iStreamQ ^ 


h'terQ 


FVl: The Pv-*m*tl/Vv-i*tc\r actually w y/\raps w -the 
Scv-vlc*t 0 u*tpu*tS*tv-c 3 rw. |)r\ o*t^cv- y/ovds, Pv'm*tlV\ri*tc\r has 
a vrfevcMc *to the Sc\rvlc*tOu*tpu*tS*t\rcam delegates ta\U 
{p it ThevVs jus*t ONB ou*tpu*t s-t\rcam badk *bo dlic^ 
bu*t Pv-*m-tl/V\ri*tc\r w dc 匕 ovates” s*t\rcarw by adding 

level dhavad-tev-—fyic^dly methods. 
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request and response 


You caw set response headers, 
you can response headers 

And you can wonder what the difference is. But think 
about it for a second, then do this exercise. 


Match the method call Draw a line from the HttpResponse method to the method’s behavior, 
with its behavior We did the most obvious one for you. 


response • setHeader ( 、 'foo", ''bar"); 


response • addHeader ( 、 'foo〃, ''bar^); 


response • setlntHeader ( 、 'foo", 42); 



Adds a new header and value to the response, or adds 
an additional value to an existing header. 

A convenience method that replaces the value of an existing 
header with this integer value, or adds a new header and 
value to the response. 

If a header with this name is already in the response, the 
value is replaced with this value. Otherwise, adds a new 
header and value to the response. 


Pretty obvious when you see them all together. 


But for the exam, you should have them memorized so that if 
next Tuesday the guy down the hall asks, “What’s that response 
method that lets me add a value to an existing header?” you 
can, without the slightest pause, say “It’s addHeader, and it 
takes two Strings for the name and value.” Just like that. 

Both setHeader() and addHeader() will add a header and 
value to the response if the header (the first argument to 
the method)is not already in the response. The difference 
between set and add shows up when the header is there. In 
that case: 

«^fHeader() overwrites the existing value 
addH.ea.derQ adds an additional value 

When you call setGontentType( u text/htmr , ), you’re setting a 
header just as if you said: 

setHeader(“content-type”, “text/html ”)； 

So what’s the difference? No difference... assuming you type the 
“content-type” header correctly. The setHeader() method won’t 
complain if you misspell the header names — it just thinks 
you’re adding a new kind of header. But something else will 
fail later, because now you haven’t properly set the content 
type of the response! 




Make vt 1 

There was a response from the node 

wit h headers and quite a payload. 

l\lot one header I tell you 

had more than one value 

for setHeoderO was used in 

(as opposed to addHeaderfh get it?) 


(The -fiv-s-t pevsem "to seirvdi us dKt -file o-P "them 
dd*budlly 七 his poem, y/i"th "the 

a special edition t—sKivt) 
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request redirect 


Put sometimes you just don't wawt to 
deal with the response yourself... 

You can choose to have something else handle the response for 
your request. You can either redirect the request to a completely 
different URL, or you can dispatch the request to some other 
component in your web app (typically a JSP). 


Redirect 


① 




( 3 ^ The servlet decides that 
^ the request should go to a 
completely different URL 


Client types a URL into the 
browser bar... 


The request goes to the 
server/Container. 


— - request 


匪 



⑥ 



^CodeReturn 


The browser gets the response, sees 
the 、、 301" status code, and looks for a 
''Location" header. 


⑤ 

The HTTP response has 
a status code M 301" and 
a ''LocatioiV’ header 
with a URL as the value. 



/ HTTP /1.1 301 oiT 
V? art c orn 



'° a te: Wed, 19 

N ov 2003 
® 3;2 S：40 GMT 
Apache- 

Coyote/i.i 1 

on necti on ： c/ose J 



④ 

The servlet calls 
sendRedirect(aString) on 
the response and that’s it. 


response 
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request and response 


⑦ 


The browser makes a new request 
using the URL that was the value of 
the ''Location” header in the previous 
response. The user might notice that 
the URL in the browser bar changed... 


⑧ 

There's nothing unique 
about the request, even 
though it happened to be 
triggered by a redirect. 


The server gets the thing 
at the requested URL 
Nothing special here. 




request 




⑪ 

The browser renders the 
new page. The user is 
surprised. 



Surprise 


⑲ 

The HTTP response is just 
like any other response... 
except it Isn't coming 
from the location the 
client typed in. 



Im i ro 
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servlet redirect 


Servlet redirect makes the browser do the work 

A redirect lets the servlet off the hook completely. After deciding that it can’t do 
the work, the servlet simply calls the sendRedirectQ method: 


if (worksForMe) { 

// handle the request 
} else { 

response . sendRedirect (''http : // www. oreilly. com"); 


^ u RU .0, tV>e Wowser 


Using relative URLs m sendRedirectO 


You can use a relative URL as the argument to sendRedirect(), instead of specifying 
the whole “http://www...” thing. Relative URLs come in two flavors: with or 
without a starting forward slash 

Imagine the client originally typed in: 


http :// www.wickedlysmart.com/myApp/cool/bar.do 


When the request comes into the servlet named “bar. 
sendRedirectQ with a relative URL that does NOT s 


lo ?, , the servlet calls 


TV>c Co 山 

: ^ so 

.,r; 二 *^ 比:工 


Lit W1 


sendRedirect ( 、 'f00/stuff • html ”）； 

The Container builds the full URL (it needs this for the “ 
puts in the HTTP response) relative to the original Request 


a forward slash 


bcation’’ header it 
URL: 


http :// www.wickedlysmart.com/myApp/cool/f00/stuff.html 


But if the argument to sendRedirectQ DOES start with a forward slash: 


sendRedirect( 'V f00/stuff.html"); 



The -Pov-y/aird slash ai -the 
bcjmh'mj rwca^s Vclativc -to the 
rooi o\ -this y/cb Cohia'mcv-^. 


The Container builds the complete URL relative to the web Container itself, instead 
of relative to the original URL of the request. So the new URL will be: 


http :// www.wickedlysmart.com/f00/stuff.html 


^00" a vicb a??, 
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request and response 


You can’t do a 
m f sendRedirect() 

W9tch it! after writing to the 

response! 

That’s probably obvious, but ifs the LAW so 

we re just making sure. 

If you look up sendRedirect() in 
the API, you’ll see that it throws an 
HlegalStateException if you try to invoke 
it after “the response has already been 
committed. 

By “committed”，they mean that the 
response has been sent That just means 
the data has been flushed to the stream. 

For practical purposes, it means you can 

write to the response and then call 

SJsomepSy professor will tell you that 
technically, you could write to the stream 
without flushing, and then sen„ct 
w 0 Mn，t cause an exception. But it would 
be a completely stupid thing to do, so we 
_，t talk about it. (Except that wejustd,d... 

talk about it...) 

In your servlet, for gosh sakes make a 
decision! Either handle the request or do 
a sendRedirect() to have someone ELSE 

handle the request. 

(By the way, this idea that "once its 

committed it’s too late” also applies to 

setting headers, cookies, status codes, t 

content-type，and so on...) 


foupass/ta Strinq that^ H n object of type URL 

btfl T e - lfthe Con tainercanU m iH lete ° RL 0ra 


H looks so y^iaLl L ± 


s 
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request dispatch 


A request dispatch does the work 
on the server side 



And that’s the big difference between a redirect and a request dispatch — redirect 
makes the client do the work while request dispatch makes something else on the 
server do the work. So remember: redirect = client, request dispatch = server. 
We’ll say more about request dispatch in a later chapter, but these two pages 
should give you a quick look at the highlights. 


Request Dispatch 


① 


⑤ 




User types a servlefs URL 
into the browser bar... 


The request goes 
to the server/ 


Container 


The servlet decides that 
^ the request should go to 
another part of the web 
app (in this case, a JSP) 


^^CodeReturn 


request 


The browser gets the response in the 
usual way, and renders it for the user. 
Since the browser location bar didn’t 
change, the user does not know that 
the JSP generated the response. 


(4) The servlet calls 

RequestDispatcher view = 

request. getRequestDispatcher (''result • j sp〃) 
view.forward(request,response); 

and the JSP takes over the response 



result.jsp 
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request and response 


Redirect vs. Request Pispatch 


I don’t have time for 
this! Tell you what—why 
don’t you call Barney. Maybe 
HE has time for this crap. 



When a servlet does a redirect, ifs like 
asking the client to call someone else 
instead. In this case, the client is the 
browser, not the user. The browser makes 
the new call on the users behalf, after the 
originally-requested servlet says, ''Sorry, 
call this guy instead..." 


The user sees the new URL in the browser. 


Hey Kari, this is Dan... I want your 
help with a client. I’ll forward you 
the details on how to get back to 
him, but I need you to take over now. 


Yes I KNOW you have needs too... yes, i 

KNOW how important the View is in Model View 
Controller.. .no, I don’t think I can find another JSP just 

like that... what? I didn't catch that? You're breaking up... sorry— 
can't hear a thing... losing packets... 



Request 

Dispatch 


When a servlet does a request 
dispatch, ifs like asking a 
co-worker to take over 
working with a client. 

The co-worker ends up 
responding to the client, 
but the client doesn’t 
care as long as someone 
responds. 


The user never knows 
someone else took over, 
because the URL in the 
browser bar doesiVt 
change. 
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review of HttpServletResponse 


Review: HttpScrvIctRcspowsc 


BULLET POI 


NTS^® 


■ 


■ 


■ 


■ 


You use the Response to send data back to the client. 

The most common methods you'll call on the response object 
(HttpServletResponse) are setContentType() and getWriter(). 

Be careful—many developers assume the method is getPr/nfWriter(), but 
it’s getWriter(). 

The getWriter() method lets you do character I/O to write HTML (or 
something else) to the stream. 

You can also use the response to set headers, send errors, and add 
cookies. 

In the real world, you’ll probably use a JSPto send most HTML 
responses, but you may still use a response stream to send binary data 
(like a JAR file, perhaps) to the client. 

The method you call on your response for getting a binary stream is 
getOutputStream(). 

The setContentType() method tells the browser how to handle the 
data coming in with the response. Typical content types are “text/html ”， 
“application/pdf, and “image/jpeg”. 

You don’t have to memorize content types (also known as MIME types). 

You can set response headers using addHeader() or setHeader(). 

The difference depends on whether the header is already part of the 
response. If it is, sefHeader() will replace the value, but addHeader will 
add an additional value to the existing response. If the header is not 
already part of the response, then setHeader() and addHeader() behave 
in exactly the same way. 

If you don’t want to respond to a request, you can redirect the request to a 
different URL The browser takes care of sending the new request to the 
URL you provide. 

To redirect a request, call sendRedirect(aStringl)RL) on the response. 

You cannot call sendRedirect() after the response is committed! In other 
words, if you’ve already written something to the stream, it’s too late to do 
a redirect. 

A request redirect is different from a request dispatch. A request dispatch 
(covered more in another chapter) happens on the server, while a redirect 
happens on the client. A request dispatch hands the request to another 
component on the server, usually within the same web app. A request 
redirect simply tells the browser to go a different URL. 


ServletResponse interface 

(javax.servlet.ServletResponse) 
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request and response 



c 办尹尹在它 


TKoc^ Zxom ^LO^t&z 4 


How would servlet code from a service method (e.g., doPost() ) retrieve the 
value of the “User-Agent” header from the request? (Choose all that apply.) 

Q A. String userAgent = 

request, get Parameter (''User-Agent^); 

Q B. String userAgent = request. getHeader (''User-Agent A, ); 

Q G. String userAgent = 

request.getRequestHeader(''Mozilla"); 

□ D. String userAgent = 

getServletContext () . getlnitParameter (''User-Agent"); 


Which HTTP methods are used to show the client what the server is receiving? 
(Choose all that apply.) 

□ A. GET 

□ B. PUT 

□ G. TRACE 

□ D. RETURN 

□ E. OPTIONS 


Which method of HttpServletResponse is used to redirect an HTTP 
request to another URL? 

□ A. sendURL() 

Q B. redirectURL() 

O G. redirectHttp() 

Q D. sendRedirect() 

Q E. getRequestDispatcher() 
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mock exam 



Which HTTP methods are NOT considered idempotent? (Choose all that 


apply.) 


□ 

A. 

GET 

□ 

B. 

POST 

□ 

G. 

HEAD 

□ 

D. 

PUT 



Given req is a HttpServletRequest, which gets a binary input stream? 
(Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 


BinarylnputStream s = req.getInputStream(); 
ServletlnputStream s = req.getInputStream(); 
BinarylnputStream s = req.getBinaryStream(); 
ServletlnputStream s = req.getBinaryStream(); 



How would you set a header named “CONTENT-LENGTH” in the 
HttpServletResponse object? (Choose all that apply.) 

□ A. response. setHeader (CONTENT - LENGTH, n 1024 n ); 

□ B. response. setHeader ("CONTENT-LENGTH" , "1024"); 
Q G. response.setStatus(1024); 

□ D. response.setHeader("CONTENT-LENGTH",1024); 


Choose the servlet code fragment that gets a binary stream for writing an image 
or other binary type to the HttpServletResponse. 

Q A. java.io.PrintWriter out = response.getWriter(); 

Q B. ServletOutputStream out = response.getOutputStream(); 

Q G. java.io.PrintWriter out = 

new PrintWriter(response.getWriter()); 

□ D. ServletOutputStream out = response.getBinaryStream(); 


142 chapter 4 






request and response 


Which methods are used by a servlet to handle form data from a client? 
(Choose all that apply.) 

□ A. HttpServlet.doHead() 

口 B. HttpServlet.doPost() 

Q C. HttpServlet.doForm() 

□ D. ServletRequest _ doGet() 

Q E. ServletRequest.doPost() 

□ F. ServletRequest. doForm () 


Which of the following methods are declared in HttpServletRequest as 
opposed to in ServletRequest? (Choose all that apply.) 

□ A. getMethod() 

口 B. getHeader() 

□ C. getCookies() 

□ D. getlnputStream() 

Q E. getParameterNames() 


How should servlet developers handle the HttpServlefs service () 
method when extending HttpServlet? (Choose all that apply.) 

Q A. They should override the service () method in most cases. 

Q B. They should call the service () method from doGet () or doPost () 

Q G. They should call the service () method from the init () method. 

Q D. They should override at least one doXXX () method (such as 

doPost ()). 
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How would servlet code from a service method (e.g .， doPost() ) retrieve the 
value of the “User-Agent” header from the request? (Choose all that apply.) 


(API) 


□ A. 
^ B. 


String userAgent = 

request, get Parameter (''User-Agent"); 

String userAgent = request.getHeader (''User-Agent^); 


Q C. String userAgent = 

request.getRequestHeader(''Mozilla"); 


Ui D. String userAgent = 

getServletContext () . getlnitParameter (''User-Agent^); 


d s^o>ws 
method ^3*1 

as a 





； ； : r^ mt ： /V, HTTP 州必 ods) 

Which HTTP methods are used to show the client what the server is receiving? 

(Choose all that apply.) 

□ A. GET 

• PUT 
.TRACE 

□ D. RETURN 

□ E. OPTIONS 



一 This method is tYfi^allY used -poir 
■tv-oublcshootmj, no 七 *fo\r fv-odudtio^. 



Which method of HttpServletResponse is used to redirect an HTTP 
request to another URL? 


□ A. 

□ B. 

□ C. 
^ D. 

□ E. 


sendURL() 
redirectURL() 
redirectHttp() 
sendRedirect() 
getRequestDispatcher() 


Option P is CoYYtC^) o( the 
methods listed, it's i\\t o^ly that 
： >cis-b m rt-btfSc\rvlc-tRcspo^sc 


(API) 
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request and response 


Which HTTP methods are NOT considered idempotent? (Choose all that 
apply.) 

□ A. GET 
B. POST 

□ C. HEAD 

□ D. PUT 




SCV-VCV" 

should 於。 




(rtf 七 


Given req is a HttpServletRequest, which gets a binary input stream? (API) 

(Choose all that apply.) 


□ A. 
^ B. 

□ C. 

□ D. 


BinarylnputStream s = req.getInputStream(); 
ServletlnputStream s = req.getInputStream(); 
BinarylnputStream s = req.getBinaryStream(); 


一 B spc 6 *^'ics tVjc 
七 mcx-V^od av\d v^t 

to^ttk 代 W 於切 ? c . 


ServletlnputStream s = req.getBinaryStream(); 


How would you set a header named “CONTENT-LENGTH” in the 
HttpServletResponse object? (Choose all that apply.) 

□ A. response.setHeader(CONTENT-LENGTH,"1024"); 

^ B. response .setHeader (''CONTENT-LENGTH", "1024"); 
Q C. response.setStatus(1024); 

□ D. response .setHeader (''CONTENT-LENGTH", 1024); 


(API) 


.Option 3 sV^ov/s i\\t torrtci 

S set a，HTTP V^ade, 

c a^d otv^ 如 value- 


OY\t 


Choose the servlet code fragment that gets a binary stream for writing an image 


(API) 


or other binary type to the HttpServletResponse. 

Q A. java.io.PrintWriter out = response.getWriter(); 

0Tb. ServletOutputStream out = response.getOutputStream() 

Q C. java.io.PrintWriter out = 

new PrintWriter(response.getWriter()); 


A *»s mdorredt 
because *i*t uses a 

； dKav-ad*tcv--o\r*ic^tcd 
P/m Writer 


Q D. ServletOutputStream out = response.getBinaryStream(); 
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Which methods are used by a servlet to handle form data from a client? 
(Choose all that apply.) 

□ A. HttpServlet.doHead() 

^ B. HttpServlet.doPost() 

Q C. HttpServlet.doForm() 

□ D. ServletRequest•doGet() 

□ E. ServletRequest.doPost() 

□ F. ServletRequest. doForm () 


(API) 




Which of the following methods are declared in HttpServletRequest as (APP 
iosed to in ServletRequest? (Choose all that apply.) 


c^p 


A. 

B. 

^ G. 

□ D. 

□ E. 


getMethod () 
getHeader() 
getCookies() 
getlnputStream() 
getParameterNames() 


-Optiohs A ； B, av\d C all 

*to domPohCh*ts o-P 

Http 


10 


How should servlet developers handle the HttpServlefs service () P 

method when extending HttpServlet? (Choose all that apply.) 

□ A. They should override the service () method in most cases. 

Q B. They should call the service () method from doGet () or doPost () 

IJt C. They should call the service () method from the init () method. 

LII D. They should override at least one doXXX () method (such as 

doPost ()). 

-Optioh D is do\r\rcd*L 

developers "typi^lly TOdUS oy\ 

七 he do6idO, ahd doPos-tO 
methods 
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5 attributes and listeners 


Being a Web App 



No Servlet stands alone. In today’s modern web app, many 
components work together to accomplish a goal. You have models, controllers, 
and views. You have parameters and attributes. You have helper classes. 

But how do you tie the pieces together? How do you let components share 
information? How do you hide information? How do you make information thread- 
safe? Your life may depend on the answers, so, be sure you have plenty of tea 
when you go through this chapter. And not that foofy herbal decaf crap. 


this is a new chapter 
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offical Sun exam objectives 




The Web Container Model 


Coverage Notes: 


3.1 For the servlet and ServletContext initialization 
parameters: write servlet code to access 
initialization parameters, and create 
deployment descriptor elements for declaring 
initialization parameters. 

3.2 For the fundamental servlet attribute scopes 
(request, session, and context): write servlet 
code to add, retrieve, and remove attributes; 


All of the objectives in this section are covered 
completely in this chapter, with the exception of 
3.3, which is covered in the Filters chapter. 

Most of what’s in this chapter will come up in 
other parts of the book, but if you’re taking the 
exam, THIS is the chapter where we expect you 
to learn and memorize the objective topics. 


given a usage scenario, identify the proper 
scope for an attribute; and identify multi¬ 
threading issues associated with each scope. 


3-3 Describe the elements of the Web container 












request processing model: Filter, Filter chain, 
Request and response wrappers, and Web 
resource (servlet or JSP page). 


3-4 Describe the Web Container lifecycle event 
model for requests, sessions, and web 
applications; create and configure listener 
classes for each scope life cycle; create and 
configure scope attribute listener classes; and 
given a scenario, identify the proper attribute 
listener to use. 

3-5 Describe the RequestDispatcher mechanism; 
write servlet code to create a request dispatcher; 
write servlet code to forward or include the target 
resource; and identify the additional request- 
scoped attributes provided by the container to the 
target resource. 
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attributes and listeners 


I want my email address to 
show up on the beer web page my 
servlet makes... but I think my email 
is gonna change and I don’t want 
to have to recompile my servlet 
code just to change it... 


O 

o 



Kim wants to configure his email 
address in the PR wot hard - code it 
inside the servlet class 


Here’s what Kim does not want in his servlet: 


He’d much rather put his email address in 
the Deployment Descriptor (web.xml file) so that 
when he deploys his web app, his servlet can 


PrintWriter out = response.getWriter(); 

out. println (''blooper@wickedlysmart. com") 




somehow “read” his email address from the 


DD. That way, he won’t have to hard-code 
his address in the servlet class, and to change 
his email he modifies only the web.xml file, 
without having to touch his servlet source code. 
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init parameters 


Iwit Parameters to the rescue 

You’ve already seen the request parameters that can 
come over in a doGet() or doPost(), but servlets can 
have initialization parameters as well. 


In the DP (web.xml) file: 


<servlet> 

<servlet-name>BeerParamTests</servlet-name> 
<servlet_class>TestInitParams</servlet-class> 




yava， 

svaVC 


...vaWc- 


<scr 




<init-param> 

<param-name>adminEmai 1< /par am- name> 

<param-value>likewecare@wickedlysmart.com</param-value> 
</init-param> 


</servlet> 


In the servlet code: 


out. println (getServletConfig () . getlnitParameter (''adminEmail A, )) 






㈣ 愁 : 

▲() 
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attributes and listeners 


You caw't use servlet mit parameters 
until the servlet is initialized 


You already saw that your servlet inherits getServletGonfig(), 
so you can call that from any method in your servlet to get a 
reference to a ServletGonfig. Once you have a ServletGonfig 
reference, you can call getlnitParameter(). But remember, 
you can’t call it from your constructor! "That’s too early in the 
servlet’s life... it won’t have its full servletness until the 
Container calls init(). 


loo 〜 


does not exist 


constructor 


TWs \s init(ServletConfig) 


s 


A〆. 


doPosid ci,.) ^ 
3 心 ^vlciCo^ 


destroy() 


initialized 


s 


yhenlhe Container 
initializes a servlet, 
it makes a unique 

Servlef€onfig fop Ae 
Servlet. 

The Container “ ： reads” 
Ae servlet init 
parameters from the 
DD and gives Aemto 
ihe Servlef€onfig, Aen 
passes Ae SePvlef€onfig 
to ike Servlet’S Mt() 
method. 


^Jiereiqrejio 

Dumb Questions 




Way back in the last chapter, you said it takes 
TWO things for the servlet to become a card-carrying, 
fez-wearing servlet. You mentioned both ServletConfig 
and something called ServletContext. 


A I 

OK, yes, we'll look at the ServletConfexf in just a few 
pages. For now, we care only about ServletCon//g, because 
that’s where you get your servlet init parameters. 

Wait a minute! In the last chapter you said that 
we could override the init() method, and nobody said a 
word about the ServletConfig argument! 


A ! 

We didn’t mention that the init() method takes a 
ServletConfig because the one you override doesn't take 
one. Your superclass includes two versions of init(), one 
that takes a ServletConfig and a convenience version that’s 
a no-arg.The inherited init(ServletConfig) method calls the 
no-arg init() method, so the only one you need to override 
is the no-arg version. 

There’s no law that stops you from overriding the one 
that takes a ServletConfig, but if you DO, then you better 
call super.init(ServletConfig)! But there’s really NO reason 
why you need to override the init(ServletConfig) method, 
since you can always gef your ServletConfig by calling your 
inherited getServletConfigO method. 
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servlet init parameters 


The servlet mit parameters arc read only ONCE— 
whew the Cowtamcr initializes the servlet 

When the Container makes a servlet, it reads the DD and creates the 
name/value pairs for the ServletGonfig. The Container never reads the init 
parameters again! Once the parameters are in the ServletGonfig, they won’t be 
read again until/unless you redeploy the servlet. Think about that. 


① 


Container reads the Deployment Descriptor 
for this servlet, including the servlet init 
parameters (<init-param>). 


Container 


] 


read 






<init-param> 
<param-name> 
foo 

</par am- name> 
<param-value> 
bar 

</param-value> 


web.xml 


② 


Container creates a new ServletConfig 
instance for this servlet. 



ServletConfig 


③ 


Container creates a name/value pair of 
Strings for each servlet init parameter. 
Assume we have only one. 



④ 


Container gives the ServletConfig references 
to the name/value init parameters. 



String 


⑤ 


Container creates a new instance of the 
servlet class. 


⑥ 


Container calls the servlet's init() method, 
passing in the reference to the ServletConfig. 



new 


instance of 
MyServlet.class 




MyServlet.class 
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^iiereiEirejio 

Dumb Questions 


Ifs still way better than 
putting it in my servlet source 
code. All I have to do is change 
the xml and hit the ''redeploy” 
button, and the new address will 
be in the ServletConfig. 



o ： 

So, um, where’s that 
〃 redeploy 〃 button on Tomcat? 


A: 


With Tomcat, there isn't a 


one-button, really simple admin tool 
for deployment and redeployment 
(although there is an admin tool that 
ships with Tomcat). But think about 
it — what’s the worst you have to do to 
change the servlet’s init parameters? 
You make a quick change to the web. 
xml file, shut down Tomcat (bin/ 
shutdown.sh), then restart Tomcat 
(bin/startup.sh). On restart, Tomcat 
looks in its webapps directory, and 
deploys everything it finds there. 


o ： 

Sure it's easy to tell Tomcat 
to shutdown and startup, but 
what about the web apps that are 
running? They all have to go down! 




Technically, yes.Taking your 
web apps down so that you can 
redeploy one servlet is a little harsh. 


especially if you have a lot of traffic 
on your web site. But that’s why 
most of the production-quality Web 
Containers let you do a hot redeploy, 
which means that you don’t have to 
restart your server or take any other 
web apps down. In fact. Tomcat does 
include a monoger tool that will let 
you deploy, undeploy, and redeploy 
entire web apps without restarting 


Tomcat. In a production environment, 
that’s what you’d use. But for testing, 
it’s easier to just restart Tomcat. Info 
on the management tool is at: 

h ttp://jakarta. apache, org/tomcat/ 
tomcat-5.0-doc/manager-howto.html 

But in the real world, even a hot 
redeploy is a Big Deal, and taking 
even a single app down just because 
the init parameter value changed 
can be a bad idea. If the values of 
your init parameters are going to 
change frequently, you’re better off 
having your servlet methods get the 
values from a file or database, but 
this approach will mean a lot more 
overhead each time your servlet code 
runs, instead of only once during 
initialization. 
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Testing your ServletCowfig 

ServletConfig^ main job is to give you init parameters. It can also give 
you a ServletGontext, but we’ll usually get a context in a different way, 
and the getServletName() method is rarely useful. 

In the DD (web.xml) file: 

<?xml version= 〃 l•0 〃 encoding= 〃 ISO-8859-l〃？> 

<web-app xmlns=’’http : //j ava . sun. com/xml/ns/ j 2ee" 

xmlns : xsi= 〃 http:/ / www.w3.org/2001/XMLSchema-instance^ 
xsi : schemaLocation=’’http : //java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" Most 
version="2 • 4"> 

<servlet> 

<servlet-name>BeerParamTests</servlet-name> 

<servlet-class>com.example.TestInitParams</servlet-class> 

<init-param> 

<param-name>adminEmail</param-name> 

<param-value>likewecare@wickedlysmart.com</param-value> 

</init-param> 

<init-param> 

<param-name>mainEmail</param-name> 

<param-value>blooper@wickedlysmart.com</param-value> 

</init-param> 

</servlet> 

<servlet-mapping> 

<servlet-name>BeerParamTests</servlet-name> 

<url-pattern>/Tester.do</url-pattern> 

</servlet-mapping> 

</web-app> 


javax.servlet.ServletConfig 

〈〈 interface 〉〉 

ServletConfig 

getlriitParameterfString) 

Enumeration getlnitParameterNames() 
getServletContext() 
getServletName() 



In a servlet class: 

package com.example; 
import j avax.servlet.*; 
import j avax.servlet.http.*; 
import j ava.io.*; 

public class TestlnitParams extends HttpServlet { 

public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 

response . setContentType (''text/html ”）； 

PrintWriter out = response.getWriter(); 
out. print In (''test init parameter s<br>^); 

j ava.util.Enumeration e = getServletConfig() •getlnitParameterNames(); 
while(e.hasMoreElements() ) { 

out. println (''<br>param name = '' + e . nextElement () + 、 '<br>"); 

} 

out. print In (''main email is '' + getServletConfig().getInitParameter(''mainEmail ’’））； 
out .println ( 、 '<br >’’）； 

out. pr intln (''admin email is '' + getServletConfig ()• getlnitParameter (''adminEmail")); 

} 
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Uh-oh. I just 
realized that in my real app 
rm using JSP to render the 
page. So can a JSP xx see" a 
servlefs init parameters? 




How caw a JSP get servlet 
iwit parameters? 

A ServletGonrig is for servlet configuration (it doesn’t say 
^PGonfig). So if you want other parts of your application 
to use the same info you put in the servlet’s init 
parameters in the DD, you need something more. 

What about the way we did it with the beer 

app? We passed the model info to the JSP 

using a request attribute... 7 ^ 

t o\or 

// inside the doPost() method y 

String color = request • getParameter (''color"); 


BeerExpert be = new BeerExpert(); 
List result = be.getBrands(color); 


1 


Th 


request. setAttribute (''styles” ， result) 

e ,L ari 

T nf 

ws aWc "to y ' 




We could do it this way. The request object lets you set 
attributes (think of them as a name/value pair where the 
value can be any object) that any other servlet or JSP that 
gets the request can use. That means any servlet or JSP to 
which the request is forwarded using a RequestDispatcher. 
We’ll look at RequestDispatcher in detail at the end of 
this chapter, but for now all we care about is getting the 
data (in this case the email address) to the pieces of the 
web app that need it, rather than just one servlet. 
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init parameter limitations 


Setting a request attribute 
works... but owly for the JSPto 
which you forwarded the request 

With the beer app, it made sense to store the model info for 
the client’s request in the request object, because the next step 
was to forward the request to the JSP responsible for creating 
the view. Since that JSP needed the model data and the data 
was relevant to only that particular request, everything was 
fine. 

But that doesn’t help us with the email address, because we 
might need to use it from all over the application! There is a 
way to have a servlet read the init parameters and then store 
them in a place other parts of the app could use, but then 
we’d have to know which servlet would always run first when 
the app is deployed, and any changes to the web app could 
break the whole thing. No, that won’t do either. 

^ 

I wonder if 

v there's something like 、 

( init parameters for the / 
v, application? ) 


O 



But I really want ALL the parts 
of my web app to have access to the 
email address. With init parameters, 

I have to configure them in the DD for every 
servlet, and then have all the servlets make 
them available for the JSPs. How boring 
is that? Not maintainable either. I 
need something more global. 
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attributes and listeners 


Context mit parameters to the rescue 


Context init parameters work just like servlet init parameters, except 
context parameters are available to the entire webapp, not just 
a single servlet. So that means any servlet and JSP in the app 
automatically has access to the context init parameters, so we don’t 
have to worry about configuring the DD for every servlet, and when 
the value changes, you only have to change it one place! 

In the DD (web.xml) file: 


㈣ 


<servlet> 

<servlet-name>BeerParamTests</servlet-name> 
<servlet—class>TestInitParams</servlet-class> 
</servlet> 



<context-param> 

<par am- name>adminEmail</ param-name> 

<param-value>clientheaderror@wickedlysmart•com< / param-value> 
</context-param> 


_LE i 口 咖卜 ，— 


f w <ih 心 


In the servlet code: 


out .println (getServletContextj) . getlnitParameter (''adminEmail ^))； 


^ r ) 


cihod 

把 well). 


OR: 


or^t o\ ^ 
▲tPa 咖如 0 . 



ServletContext context = getServletContext(); 
out.println (context. getInitParameter(' 、 adminEmail 〃））； 


v/c b\rokc oui the Code TWO sieps— 

-the Scv-vIciCo^icx-t a^d dallmg 

its get hi-tPa\ramc-tcvO method. 
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context vs. servlet init parameters 

Remember the difference between servlet mit 
parameters awd context mit parameters 

Here’s a review of the key differences between context init parameters and servlet 
init parameters. Pay special attention to the fact that they’re both referred to as 
init parameters, even though only servlet init parameters have the word “init” in 
the DD configuration. 


Context init parameters Servlet init parameters 


Deployment 

Descriptor 


Within the <web-app> element but NOT 

Within the <servlet> element for each 

within a specific <servlet> element 

specific servlet 

<web-app ...> 

<servlet> 

<context-param> 

<servlet-name> 

<param-name>foo</param-name> 

BeerParamTests 

<param-value>bar</param-value> 

</servlet-name> 

</con text-par am> 

<servlet-class> 


TestInitParams 

<!-- other stuff including 
servlet declarations --> 

</web-app> 

rb docs /七 say 

a—m 妊 c PP 仏 6 十七 

? avar,cWs, v/ay docs 

jfov sewlc 七 ^ 七 pavawcWs- 

</servlet-class> 

<init-param> 

<param-name>foo</param-name> 
<param-value>bar</param-value> 

</init-param> 

<!-- other stuff --> 

</servlet> 

Servlet Code 


getServletContext () .getlnitParameter ( 、 'foo 〃）； 

getServletConfig () .getlnitParameter (''foo ’’）； 

Its sd^e mrthodl r\3n\c! 


Availability 


To any servlets and JSPs that are part 
of this web app. 


To only the servlet for which the <init-param> was 
configured. 
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(Although the servlet can choose to make it more 
widely available by storing it in an attribute.) 









attributes and listeners 


ScrvletCowfig is owe per servlet 
Servlet 如 wfext is one per web app 


There’s only one ServletGontext for an entire web app, and all the 
parts of the web app share it. But each servlet in the app has its own 
ServletGonfig. The Container makes a ServletGontext when a web 
app is deployed, and makes the context available to each Servlet and 
JSP (which becomes a servlet) in the web app. 

， 6o 加七 



it pavams fo\r\ m， *t -fov 

Scv-vlct A ihsidc Scv-vic*t 3 ⑽士 


?avams (or 


Web app initialization: 

■ Container reads the DD and 
creates a name/value String pair 
for each <context-param>. 

■ Container creates a new instance 
of ServletContext. 


■ 


■ 


Container gives the 
ServletContext a reference to 
each name/value pair of the 
context init parameters. 

Every servlet and JSP deployed 
as part of a single web app 
has access to that same 
ServletContext. 






Watch it! 


Don，t confuse 
ServtetConfig 
parameters with 
ServletContext 
parameters! 

You really have to keep these straight on 

Te exam, and irstrm You == 

that both ServletConfig and ServletContext 
have init parameters, and both have the 
same getter method—getlmtParameter(). 

BUT... you also have to know that con ex 
i n it parameters are set with <context-param 
(not inside a <servlet> element) whlle ser ^ et 
init parameters use <init-param> msidethe 
individual <servlet> declarations in the ■ 


Watcli it! 


If the app is 
distributed ， there，s 
one ServletContext 
per JVM! 

If your application is distributed across 
multiple servers (probably in a clustered 
environment), your web app really COULD 
have more than one ServletContext A 
ServletContext is one per app, but only if 
the app is in a single JVM! 

In a distributed environment, you，" have one 
ServletContext per JVM. Now, chances are 
this wo n’t create problems, but if you have a 
distributed web app, you better consider the 
consequences of having different contexts 
for each JVM. 












servlet and context init parameters 


4iereiqrejio 

Dumb Questions 


What’s with the inconsistent naming scheme? 
How come the DD elements are <confexf-param> and 
</n/f-param> but in the servlet code, BOTH use the 
getlnitParameter() method? 


A • 

They didn’t ask us to help them come up with the 
names. If they had, of course, we’d have said it should be 
get/n/fParameter() and getConfexfParameterO, to match 
the XML elements in the DD. Or, they could have used 
different XML elements — perhaps <servlet-init-param> 
and <context-init-param>. But no, that would have sucked 
all the fun out of trying to keep them straight. 


Why would I ever use <init-param> anyway? 
Wouldn't ■ always want to use <context-param> so 
that other parts of my app could reuse the values and 
I won’t have to duplicate XML code for every servlet 
declaration? 


A • 

It all depends on which part of your app is 
supposed to see the value. Your application logic might 
require you to use a value that you want to restrict to 
only an individual servlet. But typically, developers find 
app-wide context init parameters a lot more helpful than 
servlet-specific servlet init parameters. Perhaps the most 
common use of a context parameter is storing database 
lookup names. You’d want all parts of your app to have 
access to the correct name, and when it changes, you 
want to change it in only one place. 


o ： 

What happens if I give a context init parameter 
the same name as a servlet init parameter in the same 
web app? 


A • 

The molecular-sized black hole miraculously 
created in a research facility in New Jersey will slip from its 
containment field, plummet to the earth’s core, and destroy 
the planet. 


Or maybe nothing, because there’s no name space conflict 
since you get the parameters through two different objects 
(ServletContext or ServletConfig). 

0： 

If you modify the XML to change the value of an 
init parameter (either servlet or context), when does the 
servlet or the rest of the web app see the change? 

A • 

ONLY when the web app is redeployed. 

Remember — we talked about this before — the servlet is 
initialized only once, at the beginning of its life, and that’s 
when it’s given its ServletConfig and ServletContext. The 
Container reads the values from the DD when it creates 
those two objects, and sets the values. 


o ： 

Can't I get around this by setting the values at 
runtime? Surely there's an API that'll let me change 
those values dynamically... 


A: 


No, there’s not. Look in ServletContext or 


ServletConfig and you'll find a getter (getlnitParameterO), 
but you won't find a setter. There's no setlnitParameter(). 




That's lame. 




These are init parameters. Init from the Latin word 
initialization. If you think of them purely as deploy-time 
constants, you’ll have the right perspective. In fact, that’s 
so important we’re going to say it again in a bolder way: 


Think of init parameters as 
deploy-time constants! 


You can get them at runtime ， 
but you can’t set them. There’s 
no setlnitParameter(). 
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attributes and listeners 



rcise 



Code Magnets 

Rearrange the magnets to form a DD that declares a 
parameter that matches the servlet code: 

getServletContext () .getlnitParameter (''foo"); 

You won’t use all of the magnets! 

(Note: when you see <web-app ... >, remember that 
this is our short-cut to save space on the page. You 
can’t deploy a web.xml file unless the <web-app> 
tag has all the attributes it needs.) 


com. 


w ickedl 


ys^art.BeerTe.q-ho^ 


</servlet-class> 


<context-param> 

<servlet> 


</init-param> 



</param-name> 


to° 


</para' 


m -value> 


</ servlet 〉 kt < ^ We] °~ a PP>! 






. > 


bar 


rara> 


< 


/ s ervXet-P^^ am ^name> 


If you see “init parameter” without 
knowing if it means servlet or conte 
init parameter, assume servlet. 

Some people use rephrase : 

init parameter, and they use S 。, 二 

Plication parameter” to f 娜 

parameter or a context mit parameter. 


〈/context -pa 


ram> 


<servlet-name> 


BeerTest 


</servlet-name> 



<servlet-param> 
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the ServletContext 


So what else caw you do with 
your ServletContext? 

A ServletContext is a JSP or servlet’s connection 
to both the Container and the other parts of the 
web app. Here are some of the ServletContext 
methods. We put the ones you should know for 
the exam in bold. 





与 iivPo about the 


-to the sewev-s log 

•file 〜 hdo 卜 S pa ‘） 饮 

Sys-tcm.out 


〈〈 interface 〉〉 

ServletContext 

getlnitParameter(String) 
getlnitParameterNames() 
getA ttribute(String) 
getA ttributeNames() 
setAttribute(String, Object) 
removeAttribute(String) 

getMajorVersion() 

getServerlnfo() 

getRealPath(String) 

getResourceAsStream(String) 

getRequestDispatcher(String) 

log (String) 

//more methods 


vs. 

^ttHbutcs ih a -Pew pages. 


^t\\ -balk about 


laW m 


javax.servlet.ServletContext 
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attributes and listeners 



A ： 

X% Um, no. Not unless you have a really small, simple 
web app. There are much better ways to do logging. The 
most popular, robust logging mechanism is Log4j; you 
can find it on the Apache site at: 

http://logging.apache.org/log4j 

You can also use the logging API from java.util.logging, 
added to J2SE in version 1.4. 

It’s fine to use the ServletContext log() method for simple 
experiments, but in a real production environment, you 
will almost certainly want to choose something else. 
There’s a good reference on web app logging with and 
without Log4j in the Java Servlet & JSP Cookbook from 
O'Reilly. 

Logging is not part of the exam objectives, but it’s 
important. Fortunately, you’ll find the APIs easy to use. 


How do all the parts of a web app get access to 
their own ServletContext? 


A I 

For servlets, you already know: call your inherited 
getServletContextO method. 

For JSPs it’s a little different — JSPs have something called 
"implicit objects”, and ServletContext is one of them. 
You’ll see exactly how a JSP uses a ServletContext when 
we get to the JSP chapters. 

So you get built-in logging through your 
context? That sounds VERY helpful! 
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context parameter limitations 


(Hate to spoil your \ 

J ServletContext party, but, um, ) 
those init parameters can't be 
anything except STRINGS! Thafs it! j 
What if I want to initialize my app I 
with a database DataSource that all 夕 
、 the servlets can use? j ^ 

% What if you want aw app 

init parameter thafs a 
database PataSourcc? 

Context parameters can’t be anything except 
Strings. After all, you can’t very well stuff Dog 
object into an XML deployment descriptor. 
(Actually, you could represent a serialized object 
in XML, but there’s no facility for this in the 
Servlet spec today... maybe in the future.) 

What if you really want all the parts of 
your web app to have access to a shared 
database connection? You can certainly put 
the DataSource lookup name in a context 
init parameter, and that’s probably the most 
common use of context parameters today. 

But then who does the work of turning 
the String parameter into an actual 
DataSource reference that all parts of the 
web app can share? 

You can’t really put that code in a servlet, 
because which servlet would you choose to be 
The One To Lookup The DataSource And 
Store It In An Attribute? Do you really want to 
try to guarantee that one servlet in particular 
will always run first? Think about it. 




FLEX YOUR tMHV 

How could you solve this problem? 


How could you initialize a web app with an 
object? Assume that you need the String 
context init parameter in order to create that 
object (think about the database example). 
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Oh, if only there were a way 
to have something like a main 
method for my whole web app. Some 
code that always runs before ANY 
servlets or JSPs... 



What she really wants is a listener 


She wants to listen for a context initialization event, 
so that she can get the context init parameters and 

run some code before the rest of the app can 
service a client. 

She needs something that can be sitting there, waiting 
to be notified that the app is starting up. 

But which part of the app could do the work? You 
don’t want to pick a servlet — that’s not a servlet’s job. 

There’s no problem in a plain old standalone Java 
app, because you’ve got main()! But with a servlet, 
what do you do? 

You need something else. Not a servlet or JSP, but some 
other kind of Java object whose sole purpose in life 
is to initialize the app (and possibly to 廳 initialize it 
too, cleaning up resources when it learns of the app’s 
demise...). 




context listeners 


She wants a ServletCowtextListewer 


We can make a separate class, not a servlet or JSP, that can 
listen for the two key events in a ServletContext’s life — 
initialization (creation) and destruction. That separate class 
implements javax. servlet. ServletGontextListener. 

We need a separate object that can: 

■ Get notified when the context is initialized (app is being 
deployed). 

■ Get the context init parameters from the ServletContext. 


<< interface» 

^ nt ) 
崎〜一。心： 

iavax.serWet.Serv/etContextL/stener 


Use the init parameter lookup name to make a database 
connection. 


Store the database connection as an attribute, so that all 
parts of the web app can access it. 


■ Get notified when the context is destroyed (the app is 
undeployed or goes down). 

■ Close the database connection. 


A ServletContextListener class: 

import j avax • servlet • * ; 



is simple: • 呵 1 加伙七 


public class My ServletContextListener implements ServletContextListener { 


public void contextlnitialized (ServletContextEvent event) 
//code to initialize the database connection 
//and store it as a context attribute 


public void contextDestroyed (ServletContextEvent event) { 
//code to close the database connection 


These 


^ -two 




/Oi 

vcyri 
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attributes and listeners 


OK, I have a listener class. Now 
what do I do? Where do I put the 
class? Who instantiates it? How do I 
register for the events? How does 
the listener set the attribute in the 
right ServletContext? 



FLEX YOUR MIND 

What do you think the mechanism 
might be for making a listener be 
part of a specific web app? 


Hint: how do you tell the Container 
about the other parts of your web 
app? Where might the Container 
discover your listener? 
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using a ServletContextListener 


Tutorial: a simple ServletCowtextListewer 


Now we’ll walk through the steps of making and running a 
ServletContextListener. This is just a simple test class so that 
you can see how all the pieces work together; we’re not using 
the database connection example because you’d have to set up a 
database to make it work. But the steps are the same regardless of the 
code you put in your listener callback methods. 

In this example ， we’ll turn a String initparameter into an actual 
object — a Dog. The listener’s job is to get the context init parameter 
for the dog’s breed (Beagle, Poodle, etc.), then use that String to 
construct a Dog object. The listener then sticks the Dog object into 
a ServletGontext attribute, so that the servlet can retrieve it. 

The point is that the servlet now has access to a shared application 
object (in this case a Dog), and doesn’t have to read the context 
parameters. Whether the shared object is a Dog or a database 
connection doesn’t matter. The key is to use the init parameters to 
create a single object that all parts of the app will share. 



\y\ -this example, well pu 七 a 
Doj m*to d Scv-vlc*tCoir\*tc^t 


Our Dog example: 

■ The listener object asks the ServletContextEvent 
object for a reference to the app’s ServletContext. 

■ The listener uses the reference to the ServletContext 
to get the context init parameter for “breed”，which is a 
String representing a dog breed. 

■ The listener uses that dog breed String to construct a 
Dog object. 

■ The listener uses the reference to the ServletContext 
to set the Dog attribute in the ServletContext. 

■ The tester servlet in this web app gets the Dog 
object from the ServletContext, and calls the Dog’s 
getBreed() method. 
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attributes and listeners 


Making and using a context listener 

Maybe you’re still wondering how the Container discovers 
and uses the listener... You configure a listener the same 
way you tell the Container about the rest of your web 
app — through the web. xml Deployment Descriptor! 


① Create a listener class 

《 interface 〉〉 

ServletContextListener 

contextlnitialized(ServletContextEvent) 
contextDestroyed(ServletContextE vent) 

I 

i 

MyServletContextListener 

contextlnitialized(ServletContextEvent) 

contextDestroyed(ServletContextEvent) 


② Put the class in WEB-INF/classes 


To listen for 
ServletContext events, 
write a listener 
class Aat implements 
SePvletContextlMener ， 
put it in your AVEB-IKF/ 
classes directory, and tell 
Ae Container by putting a 
<listenep> element in the 
Deployment Descriptor. 



(TW» S ONLY ? latc rUa^。 …. 

lA/EB-INF/tlasscs IS ok scvcyral 
? latcs CVU ⑽ ^ look W 

Masses. \A/cll tow ^ o*bV>cvs m the 


(3) Put a <listener> element in the 
web.xml Deployment Descriptor 


<listener> 

<listener-class> 

com.example.MyServletContextListener 
</listener-class> 

</listener> 


t ^ ^ ^ 

J) OCS 1 , C}r> c ^Chi go 

^ tr t ; <嗜 

饮 〆 ― 饮 <Y/eb 

TUk ^bou-t i£ 
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ServletContextListener tutorial 


We need three classes and one 卯 

For our context listener test example, we need to 
write the classes and the web.xml file. 

For ease of testing ， we 5 ll put all of the classes 
in the same package: com.example 

① The ServletContextListener 

MyServletContextListener.java 

This class implements ServletContextListener, 
gets the context init parameters, creates the Dog, 
and sets the Dog as context attribute. 


〈〈 interface 〉〉 

ServletContextListener 




MyServletContextListener 


contextlnitialized(ServletContextEvent) 

contextDestroyed(ServletContextEvent) 



② The attribute class 
Dog.java 

The Dog class is just a plain old Java class. 

Its job is to be the attribute value that the 
ServletContextListener instantiates and sets in 
the ServletGontext, for the servlet to retrieve. 


③ The Servlet 

ListenerTester.java 

This class extends HttpServlet. Its job is to verify 
that the listener worked by getting the Dog 
attribute from the context, invoking getBreed() on 
the Dog, and printing the result to the response 
(so we’ll see it in the browser). 



一 t /—\ 

ListenerTester 


doGet(HttpServletRequest, HttpServletResponse) 
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attributes and listeners 


Writing the listener class 

It works just like other types of listeners you might 
be familiar with, such as Swing GUI event handlers. 
Remember, all we need to do is get the context init 
parameters to find out the dog breed, make the Dog 
object, and put the Dog into the context as an attribute. 


〈〈 interface 〉〉 

ServletContextListener 


MyServletContextListener 


contextlnitialized(ServletContextEvent) 

contextDestroyed(ServletContextEvent) 



package com.example; 
import javax.servlet.*; 


I— 



vl c 七 Scvvl c 七 Ccm 七 c% 七 ’ 


public class MyServletContextListener implements ServletContextListener { 


public void contextlnitialized (ServletContextEvent event) { 

/\sk U Wvlc 七 C ⑽七 C 此 


ServletContext sc = event.getServletContext (); 


String dogBreed = sc . getlnitParameter (''breed ”）； 々 
Dog d = new Dog(dogBreed); <f — Make a ^ P°^ 


Wsc the ^oh-tex-t -fco get 

the \W\i j>a\ramcicv-. 


sc . setAttribute ( 、 'dog 〃， d); 


Wse the -to set ah attv-ibutc (a 

pai\r) 七 ha 七 is 七 he Dog. Kow 
othe\T d 七 he app will be able io o^i 

the value of the aUv-ibulc (the Dog). ^ 


public void contextDestroyed (ServletContextEvent event) { 
// nothing to do here 


l/Ve do^i heed ahy-thmg hcv-c. The Dog 

dots^i heed -to be dedhed up." when ihe 
6oy)ie%i goes away, i-t rwca^s -the whole 
a PP IS 9 om 9 i^ludihg the Dog. 
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the attribute class 


Writing the attribute class (l?og) 


Oh yeah, we need a Dog class — the class representing 
the object we’re going to store in the ServletGontext, 
after reading the context init parameters. 


package com.example; 

public class Dog { 

private String breed; 


J u s*t a pla'm old Java dlass. 



public Dog(String breed) 
this.breed = breed; 


public String getBreed() 
return breed; 





0 讲 W vlW,ll yUk Po 9 W *bv,c 


o ： 

I thought I read somewhere that servlet attributes 
had to be Serializable... 


A I 

Interesting question. There are several different 
attribute types, and whether the attribute should be 
Serializable only matters with Session attributes. And the 
scenario in which it matters is only if the application is 
distributed across more than one JVM. We’ll talk all about that 
in the Sessions chapter. 

There’s no technical need to have any attributes (including 
Session attributes) be Serializable, although you might 
consider making all of your attributes Serializable by default, 
unless you have a really good reason NOT to. 

Think about it — are you really certain that nobody will ever 
want to use objects of that type as arguments or return values 
as part of a remote method call? Can you really guarantee that 
anyone who uses this class (Dog, in this case) will never run in 
a distributed environment? 


So, although you aren’t required to make any attributes 
Serializable, you probably should if you can. 
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attributes and listeners 


Writing the servlet class 


This is the class that tests the ServletGontextListener. 
If everything is working right, by the time the 
Servlet’s doGet() method runs for the first time, 
the Dog will be waiting as an attribute in the 
ServletGontext. 


package com.example; 

import javax.servlet.*; 
import j avax.servlet.http.*; 
import java.io.*; 



ListenerTester 


doGet(HttpServletRequest, HttpServletResponse) 


so 


public class ListenerTester extends HttpServlet { 

public void doGet (HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException 

response . s etCon tent Type ( 、 'text/html 〃）； 

PrintWriter out = response.getWriter(); 


out. print In (''test context attributes set by listener<br >〃）； 
out.println( 、 '<br >’’）； 


N 。 一 ^ 

+ dog• getBreed() ) ； 

欠 



getAttribute() returns 
type Object! You need 
to cast the return! 

But getlnitParameterO returns a String^ So you 
must cast the return of getAttnbute(), but the 
return of getlnitParameterO can be ass/gned 
directly to a String. So … don’t be fooled y 
exam code that doesn’t use a cast: 

Dogd = ctx.getAttribute( dog )； ^—— 0 
(Assume ctx is a ServletContext.) 


Dog dog = (Dog) getServletContext () . getAttribute (''dog /A ); 

^ dor/ 七匕 ^ ^ 

out. print In (''Dog A s breed is: ' 
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configuring a listener in the DD 


Writing the Peploymewt descriptor 


Now we tell the Container that we have a listener for 
this app, using the <listener> element. This element is 


<?xml veiV^S 
sion^l.O^ 
encoding 



simple — it needs only the class name. That’s it. 


web.xml 


<web-app xmlns=’’http : //j ava . sun . com/xml/ns/j 2ee’’ 

xmlns : xsi= 〃 http://www.w3.org/2 001/XMLSchema-instance” 

xsi : schemaLocation=’’http : //java.sun.com/xml/ns / j2ee/web-app_2_4.xsd" 

version= 〃 2•4〃> 

<servlet> 

<servlet-name>ListenerTester</servlet-name> 

<servlet-class>com.example.ListenerTester</servlet-class> 

</servlet> 

<servlet-mapping 〉 

<servlet-name>ListenerTester</servlet-name> 

<url-pattern>/ListenTest.do</url-pattern 〉 

</servlet-mapping> 


<context-param> 

<param-name>breed</param-name> 
<param-value>Great Dane</param-value> 


Wc 

(or v \\ 


t 工 ^ P 。， 





</context-param> 


<listener> 



</listener-class> 

</listener> 



com. example .MyServletContextListener 
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Dumb Questions 


Hold on... how are you telling the Container 


that this is a listener for ServletContext events? There 
doesn’t seem to be an XML element for <listener-type> 
or anything that says what type of events this listener 
is for. But I noticed you have"ServletContextListener 〃 
as part of the class name — is that how the Container 
knows? By the naming convention? 



No. There’s no naming convention. We just did it 
that way to make it painfully clear what kind of a class we 
wrote. The Container figures it out simply by inspecting 
the class and noticing the listener interface (or inter¬ 
faces; a listener can implement more than one listener 
interface). 

Does that mean there are other types of listen¬ 
ers in the servlet API? 



Yes, there are several other types of listeners that 
we’ll talk about in a minute. 


compiling and deploying the listener test 


0010 

1100 

0001 

0101 




0010 0001 
100 1001 
0001 0011 
0101 0110 


Dog.class 


,_wOntextListener.class 


③ 


listenerTest/WEB-INF/classes/com/example/Dog.class 
listenerTest/WEB-INF/classes/com/example/ListenerTester.class 
listenerTest/WEB-INF/classes/com/example/MyServletContextListener.class 

④ Put your web.xml Deployment Descriptor into 
the WEB-INF directory for this web app 

listenerTest/WEB-INF/web.xml 

⑤ Deploy the app by shutting down and 
restarting Tomcat 


cample 


Compile and deploy 


Let’s get it all working. The steps are: 


① 


^Tl 







一 •一 以铷 S W a??- 
^ must V)C ^ 


At 

1 . 


② 


1 


Compile the three classes 

They’re all in the same package... 


Create a new web app in Tomcat 

■ Create a directory named listenerTest and place it 
inside the Tomcat webapps directory. 

Create a directory named WEB-INF and place it 
inside the listenerTest directory. 

Put your web.xml file in the WEB-INF directory. 

Make a classes directory inside WEB-INF. 

■ Make a directory structure inside classes that 
matches your package structure: a directory called 
com that contains example. 



i Wt 




Copy your three compiled files into your web 
app directory structure in Tomcat 


TW»s dVrc 士 


<?xml ven^ 
sions^l.O^ 
encoding 
= 〃 UTF-8〃？> 


classes 1 



3 




web.xml 


com 


0010 0001 
1100 1001 
0001 0011 
0101 0110 



ListenerTester.class 

MvServlet( 





1 1 1 o 
VP o o 1 1 
o o o 1 
o 1 o o 
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attributes and listeners 


Try it out 



Bring up your browser and let’s hit the servlet directly. We didn’t 
bother making an HTML page, so we’ll access the servlet by typing 
in the URL from the servlet mapping in the DD (ListenTest.do). 


Troubleshooting 

If you get a NullPointerException, you didn’t get a Dog back 
from getAttribute(). Check the String name used in i^Attribute() 
and make sure it matches the String name you’re using in 
辦 Attribute (). 

Recheck your web.xml and make sure the <listener> is registered. 

Try looking at the server logs and see if you can find out if the 
listener is actually being called. 

To make it as confusing as possible, we gave everything a subtly 
different name. We want to make sure you’re paying attention to 
how these names are used, and when you name everything the 
same, it’s tough to tell how the names affect your app. 

Servlet class name: ListenerTester.class 

Web app directory name: listenerTest 

URL pattern mapped to this servlet: ListenTest.do 






or Ustev', 


vt 、 

- ov Test- 
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how our context listener works 


The full story... 

Here’s the scenario from start (app initialization) to 
finish (servlet runs). You’ll see in step 11 we condensed 
the Servlet initialization into one big step. 

Container reads the Deployment Descrip¬ 
tor for this app, including the <listener and 
<context-param> elements. 


Container 

read — 、 

<servlet> 
<init-param> v 
<param-name> 
foo 

</par am- name> 
<param-value> 


r 

</param-value> 


web.xml 


② 


Container creates a new ServletContext 
for this application, that all parts of the 
app will share. 



ServletContext 


^3) Container creates a name/value pair of 
Strings for each context init parameter. 
Assume we have only one. 


④ 


new 




new 


String 


''Great 
Dane , * 

String 


doirrtcxt mi*t 
pav-arwc*tc\r 
-fvom DD 


Container gives the ServletContext refer¬ 
ences to the name/value parameters. 



⑤ 


Container creates a new instance of the 
MyServletContextListener class. 



MyServletContextListener.class 


⑥ 


Container calls the listeners 
contextInitialized() method, passing 
in a new ServletContextEvent. 

The event object has a reference to 
the ServletContext, so the event¬ 
handling code can get the 
context from the event, 
and get the context 
init parameter from 
the context. 1 


ServletContextEvent 




Servlet- 

Context 


''Great 




Container J^contextInitialized(ServletContextEvent)-^, s 

listener 
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attributes and listeners 


The story continues 


⑦ 


Listener asks ServletContextEVe/it for a 
reference to the ServletContext. 



listener 


getServletContext() 



ServletContextEvent 




Listener asks ServletContext for the 
context init parameter 、、 breed”. 



getInitParameter(' 、 breed") 


listener 



String 


ServletContext 


String 


⑨ 


Listener uses the init parameter to 
construct a new Dog object. 


(D^ new ~^S) 


listener 


instance of Dog.class 


rtS) Listener sets the Dog as an attribute i 
the ServletContext. 


in 



setAttribute( H dog ,, / d) 

listener 



ServletContext 


⑪ 


Container makes a new Servlet (i.e., makes 
a new ServletConfig with init parameters, 
gives the ServletConfig a reference to the 
ServletContext, then calls the Servlefs 



Container 


init(Serviconfig) 


instance of 
ListenerTester.class 


⑫ 


Servlet gets a request, and asks the 
ServletContext for the attribute 、、 dog〃. 



Servlet 


ServletContext 


© 


Servlet calls getBreed() on the Dog 
(and prints that to the HttpResponse). 
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other listeners 


I just thought of something... 
since attributes can be set 
programmatically (unlike init 
parameters), can I listen for attribute 
events? Like if someone adds or 
replaces a Dog? 



Listeners: wot just for 
context events... 

Where there’s a lifecycle moment, there’s usually a 
listener to hear about it. Besides context events, 
you can listen for events related to context 
attributes, servlet requests and attributes, and 
HTTP sessions and session attributes. 




You don’t have to know all 
of the listener API. 

Other than ServletContextListener, you 
really don’t need to memorize the methods of 
each of the listener interfaces. But... you DO 
need to know the kinds of events that you can 
listen for. 

The exam objectives are clear: you’ll be given a 
scenario (a developer’s goal for an application) 
and you’ll need to decide which is the right type 
of listener, or whether it’s even POSSIBLE to be 
notified of that lifecycle event. 


hloic ： wc do 灼 ’ 七 -talk abou-t sessions 七 he 

so do / 七 wov-v-y abou 七••七 i*f you do / 七 ye 七 
ki^ov/ v/ha*t 3r\ HTTP session is ov v/hy you - 
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attributes and listeners 



Scenario 


Pick the Listener 

Match the scenario on the left with the 
listener interface (at the bottom of the page) 
that supports that goal. Use each interface 
only once. (Yes, we KNOW we haven’t looked at 
these yet. See what you can come up with just by 
looking at the names. Answers are on the next 
page, so don’t peek!) 



Listener interface 


You want to know if an attribute in a 
web app context has been added, 
removed, or replaced. 


You want to know how many concurrent 
users there are. In other words, you 
want to track the active sessions. 


You want to know each time a request 
comes in, so that you can log it. 

You want to know when a request 
attribute has been added, removed, 
or replaced. 

You have an attribute class (a class 
for an object that will be put in an 
attribute) and you want objects of 
this type to be notified when they are 
bound to or removed from a session. 

You want to know when a session 
attribute has been added, removed, 
or replaced. 


Choose from these listener interfaces. 

Use each listener only once. 

。 . ServletRequestListener 

HttpSessionA ttributeListener ” 

。 . 0 . .. .. . HttpSessionListener 

HttpSessionBmdmgListener r 

ServletRequestAttributeListener 


ServletContextAttributeListener 
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common listeners 


The eight listeners 


Scenario Listener interface Event type 


You want to know if an attribute in a 
web app context has been added, 
removed, or replaced. 

javax.servlet.ServletContextAttributeListener 

attributeAdded 

attributeRemoved 

attributeReplaced 

ServletContextAttributeEvent 

You want to know how many 
concurrent users there are. In other 
words, you want to track the active 
sessions. (We cover sessions in 
detail in the next chapter). 

javax.servlet.http.HttpSessionListener 

sessionCreated 

sessionDestroyed 

HttpSession Event 

You want to know each time a 
request comes in, so that you can 
log it. 

javax.servlet.ServletRequestListener 

requestlnitialized 

requestDestroyed 

ServletRequestEvent 

You want to know when a 
request attribute has been added, 
removed, or replaced. 

javax.servlet.ServletRequestAttributeListener 

attributeAdded 

attributeRemoved 

attributeReplaced 

ServletRequestAttributeEvent 

You have an attribute class (a class 
for an object that will be stored as 
an attribute) and you want objects of 
this type to be notified when they are 
bound to or removed from a session. 

javax.servlet.http.HttpSessionBindingListener 

valueBound 

valueUnbound 

HttpSessionBindingEvent 

You want to know when a session 
attribute has been added, removed, 
or replaced. 

javax.servlet.http.HttpSessionAttributeListener 

attributeAdded t 

attributeRemoved 

HttpSession Binding Event 

t^buteUsW 

You want to know if a context has 
been created or destroyed. 

javax.servlet.ServletContextListener 

contextlnitialized 

contextDestroyed 

ServletContextEvent 

You have an attribute class, and 
you want objects of this type to be 
notified when the session to which 
they’re bound is migrating to and 
from another JVM. 

javax.servlet.http.HttpSessionActivationListener 

session Did Activate 
session WillPassivate 

HttpSession Event 

| 七 , s I^T 七七 ? Scssu^M 七 •• 仰七 心七 " 
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attributes and listeners 


The HttpSessio^indinglistener 


You might be confused about the difference between an 
HttpSession^zWf 叹 Listener and an HttpSession^UnT^ 紿 Listener. 

(Well, notyou, but someone you work with.) 

A plain old HttpSession^^rz^^Listener is just a class that wants to know 
when any type of attribute has been added, removed, or replaced in a 
Session. But the HttpSession^zVz 而叹 Listener exists so that the attribute itself 
can find out when it has been added to or removed from a Session. 


With this listener, 

Tm more aware of my role 
in the application. They tell me 
when I'm put into a session 
(or taken out). 


package com.example; 
import javax.servlet.http.*; 

public class Dog implements HttpSessionBindingListener { 

private String breed; 



public Dog(String breed) { 
this.breed=breed; 

} 

public String getBreed() { 

return breed; 


碑：: ::： d $ :茶 。 S ; 


public void valueBound(HttpSessionBindingEvent event) { 

// code to run now that 工 know I'm in a session 

} 

public void valueUnbound (HttpSessionBindingEvent event) { 

// code to run now that 工 know 工 am no longer part of a session 


use ihc womd 
b ° Uhd u ^ 

C 3 A dcd 〜 

^oved 4 。咖 " 


o ： 

OK. I get how it works. I get that the Dog (an 
attribute that’ll be added to a session) wants to know 
when it's in or out of a session. What I don't get is WHY. 


A: 


If you know anything about Entity beans... then you 


can picture this capability as a kind of "poor man’s entity 
bean”. If you don’t know about entity beans, you should run 


to your nearest bookstore and buy two copies of Head First 


EJB (one for you, one for your significant other so you can 
share special moments discussing it). 


In the meantime, here’s a way to think about it — imagine 


the Dog is a Customer class, with each active instance 
representing a single customer’s info for name, address, 
order info, etc. The real data is stored in an underlying 
database. You use the database info to populate the fields 
of the Customer object, but the issue is how and when 
do you keep the database record and the Customer info 
synchronized? You know that whenever a Customer object 
is added to a session, it’s time to refresh the fields of the 
Customer with this customer’s data from his record in the 
database. So the valueBoundO method is like a kick that 
says, "Go load me up with fresh data from the database... 
just in case it changed since the last time I was used.” Then 
valuellnboundO is a kick that says, "Update the database 
with the value of the Customer object fields.” 
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listener chart 


Remembering the Listeners v 

Do your best to fill in the slots in this table. Keep in mind 
that the listener interfaces and methods follow a consistent 
naming pattern (mostly). 

Answers are at the end of the chapter. 

毓 


Attribute listeners 


Other lifecycle listeners 


Methods in all attribute 
listeners (except 
binding listener) 


Lifecycle events related 
to sessions (excluding 
attribute-related events) 


Lifecycle events related 
to requests (excluding 
attribute-related events) 


Lifecycle events related 
to servlet context 
(excluding attribute- 
related events) 
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attributes and listeners 


What exactly, is aw attribute? 


We saw how the ServletGontext listener created a Dog 
object (after getting the context init parameter) and 
was able to stick (set) the Dog into the ServletGontext as 
an attribute, so that other parts of the app could get it. 
Earlier, with the beer tutorial, we saw how the servlet was 
able to stick the results of the call to the model into the 
Request (usually HttpServletRequest) object as 
an attribute (so that the JSP/view could get the 
value). 

An attribute is an object set (referred to as 
bound) into one of three other servlet API 
objects — ServletGontext, HttpServletRequest 
(or ServletRequest), or HttpSession. You can 
think of it as simply a name/value pair (where 
the name is a String and the value is an Object) 
in a map instance variable. In reality, we don’t know 
or care how it’s actually implemented — all we really 
care about is the scope in which the attribute exists. In 
other words, who can see it and how long does it live. 

An attribute is like an 
object pinned to a bulletin 
board. Somebody stuct it 



iVho CBy\ set 

bullctm board? 
iVho By\A 

sc 七 -the ai*tv-ibu*tcs? 


on Ae board so ihat others 
can get it. 

The big questions are: 
has access to Ae bulletin 
board, and how long does 
it live? In other words, 
is the scope of ihe 
attribute? 
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attributes vs. parameters 


Attributes are wot parameters! 

If you’re new to servlets, you might need to spend some 
time reinforcing the difference between attributes and 
parameters. Rest assured that when we created the exam we 
spent just that little bit of extra time trying to make sure 
we made attribute and parameter questions as confusing 
as possible.* 



Attributes 

Parameters 

Types 

Application/context 

Request xv^cvc scwlc*t- 

Session ^ atbnbute 

use aw msta^c - 

Application/context init parameters 

Request parameters 

Servlet init parameters |s( 0 -tWm^ as 

—session ?avameW 

Method to set 

setAttribute(String name, Object value) 

You CANNOT sef Application and 

Servlet init parameters — they’re set 
in the DD, remember? (With Request 
parameters, you can adjust the query String, 
but that’s different.) 

Return type 

Object 

String 卜加 

Method to get 

getAttribute(String name) 

“3 梦糾 at^ibu-tcs r,usi be 

si, S,h ^ ihc type is Obj^i 

getlnitParameter(String name) 


*lt’s true. If we’d made the exam simple and straightforward 
and easy, you wouldn’t feel that sense of pride and accom¬ 
plishment from passing the exam. Making the exam difficult 
enough to ensure that you’d need to buy a study guide in 
order to pass it was never, EVER, a part of our thinking. No, 
seriously. We were just thinking of you. 
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attributes and listeners 


The Three Scopes: Context Request and Session 



Context Attributes 



t 


Database 

Connection 


'Concurrent 

Users" 

42 



乂 servlet) 


9et_y 



Everyone in the application has access 



JSP 



Accessible to only those with access to a specific HttpSession 


REQUEST Attributes 



set 



''BeerRecommendation 
''Moose Drool" 


Controller 



get 



JSP View 


Accessible to only those with access to a specific ServletRequest 
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attribute scope exercise 



Attribute Scope 

Do your best to fill in the slots in this table. You REALLY need to understand 
attribute scope for the exam (and the real world) because you have to know 
which scope is the best to use for a given scenario. You’ll see the answer in a 
few pages, but don’t look ahead! If you’re going to take the exam, trust us... 
you need to fill this out yourself by taking the time to think it through. 



Accessibility 

(who can see it) 

Scope 

(how long does it live) 

What it’s good for 

Context 




HttpSession 




Request 





mmm 
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Attribute API 


attributes and listeners 


The three attribute scopes — context, 
request, and session — are handled by 
the ServletGontext, ServletRequest, 
and HttpSession interfaces. The API 
methods for attributes are exactly the 
same in every interface. 


Object getAttribute(String name) 
void setAttribute(String name, Object value) 
void removeAttribute(String name) 
Enumeration getAttributeNames() 


Context 


Request 


Session 


《 interface 〉〉 

ServletContext 

getlnitParameterf String) 
getlnitParameterNames() 

getA ttribute(String) 
setAttributefString ， Object) 
removeA ttribute(String) 
getA ttributeNamesf) 

getMajorVersionf) 

getServerlnfof) 

getRealPath (String) 
getResourceAsStream(String) 
getRequestDispatcher(String) 
log(String) 

//MANYmore methods... 


〈〈 interface 〉〉 

ServletRequest 

getContentType() 

getParameter(String) 

getA ttribute(String) 
setAttribute(String, Object) 
removeAttribute(String) 
getA ttributeNames() 

//MANYmore methods... 

- ^ - 


《 interface 》 

HttpServletRequest 


getContextPathf) 
getCookiesO ^ 

getHeader(String) 
getQueryString() ^ 代 

getSession() 

II MANY more methods... 


《 interface 》 

HttpSession 

getA ttribute(String) 
setAttribute(String, Object) 
removeA ttribute(String) 
getA ttributeNames() 

setMaxIn active Interval(int) 
getld() 

getLastAccessedTime() 
//MANYmore methods... 
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attribute strangeness 


The dark side of attributes 


Kim decides to test out attributes. He sets an attribute 
and then immediately gets the value of the attribute and 
displays it in the response. His doGet() looks like this: 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


response . setContentType ( 、 'text/html 〃）； 

PrintWriter out = response.getWriter(); 

out. print In (''test context attributes<br >〃）； 

getServletContext () • setAttribute (''foo", ''22 ’’）； 
getServletContext () • setAttribute (''bar", 'M2"); 

out.println (getServletContext () . getAttribute ( 、 'foo 〃））； 
out.println (getServletContext () . getAttribute (''bar ”））； 


Here’s what he sees the first time he runs it. 
It’s exactly what he expected. 


eno 



^ Ac + ^ http://localhost:8080/listenerTest/ListenTest.do 

: — … . - —-= mil ! 

O 


test context attributes 



22 42 上 s t ... 
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attributes and listeners 


Put then something goes horribly wrong 

The second time he runs it, he’s shocked to see: 



叵 

100' 

"http://localhost:8080/listenerTest/ListenTest.do 






test context attributes 

2216 —⑽丄丁 





FLEX YOUR MIND 

Look closely at the code, and think about 
what’s happening. Do you see anything that 
could explain the problem? 


You might not have enough info to solve the 
mystery, so here’s another clue: Kim put this 
code in a test servlet that’s part of a larger 
test web app. In other words, the servlet that 
holds this doGet() method was deployed as 
part of a larger app. 

Now can you figure it out? 


Can you think of how he might fix it? 
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context scope and thread-safety 



Context scope isn't thread-safe! 

That’s the problem. 

Remember, everyone in the app has access to 
context attributes, and that means multiple 
servlets. And multiple servlets means you 
might have multiple threads, since requests are 
concurrently handled, each in a separate thread. 
This happens regardless of whether the requests 
are coming in for the same or different servlets. 


Context Attributes 



Thv-cad B 


/ i l li 戚 

Client A 


set 


\^ervlet B J 




Yokes’ sc\rvlc*t is pa\rt o-f 七 he 

sd^e v/cb app, b separate *thv-cad 

sc*t w ba\r w a*t*t\ribu-tc- 

y \ o {, all … 七 he Coirrtamev" mi# 七 
lau^dh a^o*thcv- *tWeadl -fov- Scv-vlc*t A *to 
handle a *tiVi\rd dietrrt … 


Client C 
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attributes and listeners 


The problem in slow motion. 

Here’s what happened to Kim’s test servlet. 


① 


Servlet A sets the context attribute 
、foo〃 with a value of M 22 ”. 


^ervlet 

Thv-cad A 


set 



String 


ServletContext 


String 


^2) Servlet A sets the context attribute 
M bar" with a value of M 42". 


^ervlet 

Thv-cad A 


set 



String 


ServletContext 


String 


( 3 ^ Thread B becomes the running thread (thread 
^ A goes back to Runnable-but-not-Running), and 
sets the context attribute、、bar〃 with a value 



( 4 ^ Thread A becomes the running thread 
^ again, and gets the value of、、bar〃 and 
prints it to the response. 


^ervlet 

Thv-cad A 


get ^ 



ServletContext 


getServletContext () . setAttribute (''focy 
getServletContext () . setAttribute (''bar j 


22，，、 ； 
■ 42 "); 



out.println (getServletContext () . getAttribute ( 、 'foo 〃）） 
out. println (getServletContext () . getAttribute (''bar 〃）） 


valued 七 

. 4 / to a ^ 

So •，七 

—ted 咖 vaW f ，比 

V^ad Aa 呼 d 
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threads and context attributes 


How do we make context 
attributes thread-safe? 


Let’s hear what some of the other 
developers have to say... 


I’m thinking I could 
synchronize the doGet() 
method, but that doesn't 
really feel right. But I don’t 
know what else to do. 


The spec says you're on your own 
if you need to protect attributes. 

Why force you to have all that 
synchronization overhead if you don’t need it? 
Of course some Web Containers do implement 
that synchronization anyway, but there’s no 
guarantee so you better be careful. 


°o 



Synchronizing on the 
doGet() means kissing your 
concurrency goodbye. If you 
synchronize doGetO, it means 
that servlet can handle only 
ONE client at a time! 




¥ 



Why didn’t the 
Servlet spec developers 
just synchronize the get and 
set attribute methods in 
ServletContext, to make 
the attributes thread- 
safe? 


Q 
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attributes and listeners 


Synchronizing the service method is 
a spectacularly ^Al? idea 

OK, so we know that synchronizing the service method 
will kill our concurrency, but it does give you the thread 
protection, right? Take a look at this legal code, and decide 
whether it would prevent the problem Kim had with the 
context attribute being changed by another servlet... 


public synchronized void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


response . setContentType (''text/html ”）； 
PrintWriter out = response.getWriter(); 

out. print In (''test context attributes<br >〃）； 

getServletContext () • setAttribute (''foo", ''22 ’’）； 
getServletContext () • setAttribute (''bar", 、 M2"); 


out. println (getServletContext () . getAttribute ( 、 'foo 〃））； 
out.println (getServletContext () • getAttribute ( 、 'bar 〃））； 


This carVt work! 

Well, \Ys legal as a 
servlet, but I don’t see 
how this will fix the 
problem... 



lVha*t do you iVill i*t -f ix* 

pv-oblcm had? Look 

bddk a*t todt 

i-f youVc y\o{, suvc- 
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don’t synchronize the service method 


Synchronizing the service method 
wow't protect a context attribute! 


Synchronizing the service method means that only one thread 
in a servlet can be running at a time... but it doesn’t stop other 
servlets or JSPs from accessing the attribute! 

Synchronizing the service method would stop other threads 
from the same servlet from accessing the context attributes, 
but it won’t do anything to stop a completely different servlet. 



Thv-cad B 


Client A 


rg=*£==a 


Client C 






Client B 


Se t < servlet B 



you sy^dh\roir\iz^ scv-vi^c 

mcihod, you lV|LL s*top 
Coir\*t3'mc\r -rvom a^y 

o*t^C\r mc*thodls -fov Y\tvi v-c^ucsts 
*m*to sc\rvlc*t A- So 七 his 

lV|LL pvo*tcd*t 匕。灼七以七 

atbributes -fvom bc’mj dddessed 
by move oy\c *t^v-cad 

a sc\rvi^c rwC*thodi <^f 

Scv-vlci A- 



Bu 七 you wo 灼’七 do any 七 h’mj 
h> s*top OTHER scv-vlcts/ 
Rcjav-dlcss o( y/hc*thcv- *thc 
sev-vide methods \y\ o*tKc\r 
scv-vlcts a\rc sy^dhv-o^izjcd 
o\r y\o{, - it s*ti|| 

o*thcv- pav-b o( -the app 

have a^dcss *to -the 匕 o 灼 *te 丈 t 

a*t*tv"ibu*tcs. 
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attributes and listeners 


You don't need a lock ow the servlet, 
you need the lock on the context! 


The typical way to protect the context attribute is to 
synchronize ON the context object itself. If everyone 
accessing the context has to first get the lock on the context 
object, then you’re guaranteed that only one thread at a 
time can be getting or setting the context attribute. But... 
there’s still an if there. It only works if all of the other code that 
manipulates the same context attributes ALSO synchronizes on the 
ServletContext. If code doesn’t ask for the lock, then that code 
is still free to hit the context attributes. But if you’re designing 
the web app, then j ⑽ can decide to make everyone ask for the 
lock before accessing the attributes. 



\i do to 

bcdausc f 七 ^ 

a” vAlWWUe aWc aacss 

七 he 


ServletContext 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


response . setContentType ( 、 'text/html 〃）； 
PrintWriter out = response.getWriter(); 


out. print In (''test context attributes<br >〃）； 





synchronized(getServletContext()) { 

getServletContext () . setAttribute ( 、 'foo 〃， '' 22 ’’）； 
getServletContext () • setAttribute (''bar” ，、 M2 〃）； 


out.println (getServletContext () . getAttribute ( 、 'foo 〃）） 
out. println (getServletContext () . getAttribute ( 、 'bar 〃）） 




"the blo£.k 


A So ^ Safe 


ihircsd 


^ohicxi 
s Uh ^l wc cxii 


== :心：::加土" 

WW aU, iLies 喊 * 


you d 


Expect to see lots of 
code about thread-safety 

On the exam, youll see plenty of 

ing different strategies for making f ! butes 

thread-safe. Youll have to decide，f the code 

17s, given a p— =二 

the code is legal (compiles and runs), doesn t 

mean ifll solve the problem. 
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session attributes and thread-safety 


Are Session attributes thread-safe? 

Think about it. 

We haven’t talked about HTTP sessions in detail yet (we will 
in the Sessions chapter), but you already know that a session 
is an object used to maintain conversational state with a 
client. The session persists across multiple requests from the same 
client. But it’s still just one client we’re talking about. 

And if it’s one client, and a single client can be in only 
one request at a time, doesn’t that automatically mean that 
sessions are thread-safe? In other words, even if multiple 
servlets are involved, at any given moment there’s only one 
request from that particular client... so there’s only one 
thread operating on that session at a time. Right? 




Client A 


Servlet A 


Servlet B 


Session Attributes 


Request A / Thv-cad A 


set 


Request 3 / Thv-cad 3 



JSP View 


Even though both servlets can access the Session attributes 
in separate threads, each thread is a separate request. So it 
looks safe. 

Unless... 

Gan you think of a scenario in which there could be more 
than one request at the same time, from the same client? 

What do you think? Are session attributes 
guaranteed thread-safe? 
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attributes and listeners 


What's REALLY true about attributes 
and thread-safety? 


Listen in as our two black-belts discuss the 
issues around protecting the state of attributes 
from multithreading problems. 







We know that context attributes are inherently NOT 
safe, because all pieces of the app can access context 
attributes, from any request (which means any 
thread). 


Very good. Now what about Session attributes. Are 
they safe? 


Yes master. And I know that synchronizing the service 
method is not a solution, because although it will stop 
that servlet from servicing more than one request at 
a time, it will NOT stop other servlets and JSPs in the 
same web app from accessing the context. 


Yes master. They are for only one client, and the laws 
of physics prevent a client from making more than 
one request at a time. 


You have much to learn, grasshopper. You do not 
know the truth about session attributes. Meditate on 
this before speaking again. 


You must think outside the Container. 
Color outside the lines. Run with scissors. 


Yes! The Container can see the request from the 
second window as coming from the same session. 


And how would you protect these session attributes 
from the havoc of multiple threads? 


That is good, yes, but synchronize on what? 


But master, I have meditated and still I do not know 
how one client could have more than one request... 


Very wise advice, master! I have it! The client could 
open a new browser window! So the Container can 
still use the same session for a client, even though it’s 
coming from a different instance of the browser? 


So Session attributes are not thread-safe, and they, too, 
must be protected. I will meditate on this... 

Ah... I must synchronize the part of my code that 
accesses the session attributes. Just the way we did for 
the context attributes. 


I must synchronize on the HttpSession! 
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synchronize on the session 


Protect session attributes by 
synchronizing on the HttpSessiow 


Look at the technique we used to protect the context 
attributes. What did we do? 

You can do the same thing with session attributes, by 
synchronizing on the HttpSession object! 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


response . setContentType (''text/html ”）； 
PrintWriter out = response.getWriter(); 


out. print In (''test session attributes<br >〃）； 
HttpSession session = request.getSession(); 


synchronized(session) { 

session . set Attribute (''f oo 〃，、 '22 〃）； 
session • setAttribute (''bar ”， 、 '42 〃）； 


attributes. 


out.println (session . getAttribute ( 、 'foo 〃））； 
out.println (session . getAttribute (''bar ”））； 



o ： 

Isn't this overkill? Is this really a possibility... that 
a client will open another browser window? 


0 : 

Isn’t it a bad idea to synchronize code, because it 
causes a lot of overhead and hurts concurrency? 


A I 

Of course it is. Surely you’ve done this yourself 
without a second thought — opened a second window 
because you were tired of waiting for the other one to 
respond, or because you minimized one, or misplaced the 
window without realizing it, etc. The point is, you can’t 
take the chance if you need thread-safety for your session 
variables. You have to know that it’s quite possible for a 
session-scoped attribute to be used by more than one 
thread at a time. 


You should ALWAYS think carefully before 
synchronizing any code, because you’re right — it does 
add some expense in checking, acquiring, and releasing 
locks. If you need protection, then use synchronization but 
remember the standard rule of all forms of locking — keep 
the lock for the shortest amount of time to accomplish 


your goal! In other words, don’t synchronize the code that 
doesn’t access the protected state. Make your synchronized 
block as small as possible. Get the lock, get in, get what 
you need, and get the heck out so the lock can release and 
other threads can run that code. 
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SingleThreadModel is designed to 
protect instance variables 

Here’s what the servlet specification says about the 

SingleThreadMode 1 (or STM) interface: 


rtcv-cs 
i\\t kcY 
part … 


Ensures that servlets handle only one request at a time. 

This interface has no methods. If a servlet implements 
this interface, you are guaranteed that no two threads 
will execute concurrently in the servlet’s service method. 

The servlet container can make this guarantee by 
synchronizing access to a single instance of the servlet, 
or by maintaining a pool of servlet instances and 
dispatching each new request to a free servlet. 


Put how does the web container guarantee a 
servlet gets only one request at a time? 

The web container vendor has a choice. The container 
can maintain a single servlet, but queue every request and 
process one request completely before allowing the next 
request to proceed. Or the container can create a pool of 
servlet instances and process each request concurrently, 
one per servlet instance. 

Which STM strategy do you think is better? 


Queue all requests 

O 


C — Requestl 


y-b added to 

°\jaCvaC- Request 2 




Request3 



-fehc web 

匕 o»vtaih 饮 hahds 

"them o^f ; ChC 

^ a io 

"the single 

vlc*fe i hs 


YouV scvvlc*t 

...bu 七 ^Iso 

Should 

i^plcrucht "the 

HTTPScvvlct- 

SihglcTh\rcad/Wodcl 



HTTPServlet 1 

〈〈 interface 〉〉 

{from javax. servlet] 

SingleThreadModel 

A 




z\ 

MyServlet 

1 


STM , 如 W ^ 

^ ^d\t ovst revest at a • 


Send requests through a pool 


#/ 


Requestl 


se\r 




^^lyServlet#^^ 

Thv-cad 4^1 



^AyServlet#l / 


Thread 


^AyServlet#2 / 

_ / 


㈣ 代…土 

o^ oC s \fi a Request3 

— 

s 〆 s … c 




^AyServlet#3 / 

、— _ ’ 
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request queueing or servlet pooling 


Which is the better STM implemehtation? 

Once again we must consult our black belts. 

These guys must know the score on the best STM 
implementation. Let’s see them battle it out... 



Queue all requests 


Send requests through a pool 


Queuing the requests to a single servlet makes the 
most sense. It clearly implements what the spec 
writers intended. 


Yes, but that is the only way to protect the instance 
variables of the servlet. 


Ahh, you see deeply into the fortune cookie, my 
student, but you do not see just how deadly that 
fortune might be... 


But master, won’t performance be impacted? Surely, 
queuing each request prevents multiple users from 
access to the same servlet? 


But master, the container may also create a pool of 
servlet instances. Then the container can process 
one request with one servlet instance and another 
request with a second instance. Each request is 
handled in parallel. 


You speak in riddles, master. What could possibly go 
wrong with the pooling strategy? 


The servlet spec defines that a single servlet 
declaration in the deployment descriptor becomes 
a single object instance at runtime, but now using 
the STM interface, this definition is no longer 
valid. Can you imagine a scenario in which having 
multiple servlet instances fails? 


YES! You have penetrated the depth of the ruse 
that is servlet pooling. The semantics of the “single 
servlet instance” definition is lost. The servlet has 
lost touch with reality. 


Hmm, what if one of the instance variables is meant 
to record how many requests have been processed. 
The counter variable would have several different 
counts, and none of them would be right... only the 
summation of them is correct. 
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^iiereiqrejio 

Dumb Questions 


What’s up? Why is the servlet spec so wishy-washy? 


A I 

The specification writers wanted to give the container 
vendors the opportunity to compete with each other in 
terms of performance and flexibility. 




How do I know which strategy my vendor uses? 


A I 

Well, hopefully it is written down in some part of the 
documentation for the web container. If not, you should 
contact your container vendor, and ask them. 

o ： 

How will the STM strategy change howl write my 
servlet code? 


o 


. 

^RelaX You do not need to 
i V know about these 
container STM strategies 
for the exam- 


A i 

If the container uses a queuing strategy, then the 
"single servlet instance”semantics still hold and you do not 
need to make any code changes. But if the container uses 
a pooling strategy, then the semantics of some instance 
variables might change. For example, if you have an instance 
variable that holds a "request counter,” then that variable no 
longer can be counted on when multiple servlet instances 
are created in the pool. In this case, you could choose to 
make the counter variable a class variable instead. 




But are class variables thread-safe? 


A • 

No, they are not, and the STM mechanism does not 
help with class variables. Yes, it protects instance variables 
from concurrent access, but by pooling multiple instances 
the semantics of the servlet changes. Furthermore, STM does 
not help with other variable or attribute scopes. You are on 
your own... 




So what good is using the SingleThreadModel? 


蠢 


None, really. Which is why STM has been deprecated 
from the servlet API! 一 

l ui / ou i t" T tA ^ 

^ou-t ，i ^ exam. 


c^^rpen your pencil 


Place a checkmark next to the things that are 
NOT thread-safe. (We did the first one.) 




Context-scoped attributes 


□ Session-scoped attributes 

□ Request-scoped attributes 

□ Instance variables in the servlet 

□ Local variables in service methods 

□ Static variables in the servlet 
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request attributes are thread-safe 

Only Request attributes awd local 
variables are thread - safe! 


That’s it. (We include method parameters when we say 
“local variables”). Everything else is subject to manipulation 
by multiple threads, unless j ⑽ do something to stop it. 




fJierei£irejio 

Dumb Questions 


So instance variables aren't thread-safe? 


A i 

That’s right. If you have multiple clients mak¬ 
ing requests on that servlet, that means multiple 
threads running that servlet code. And all threads 
have access to the servlet’s instance variables, so 
instance variables aren’t thread-safe. 


But they WOULD be thread-safe if you imple¬ 
mented the SingleThreadModel, right? 


A ! 

Yes, because you’d never have more than 
one thread for that servlet, so the instance variables 
would be thread-safe. But of course nobody would 
ever allow you into the servlets club ever again. 


o ： 

But if you’re not supposed to use Single- 
ThreadModel or synchronize the service method, 
then how DO you make instance variables thread- 
safe? 


A: 


You don't! Look at a well-written servlet, and 


chances are you won’t find any instance variables. Or 
at least any that are non-final. (And since you’re a Java 


programmer you know that even a final variable can 


still be manipulated unless it’s immutable.) 


So just don’t use instance variables if you need 
thread-safe state, because all threads for that servlet 
can step on instance variables. 


o ： 

Then what SHOULD you use if you need mul¬ 
tiple instances of the servlet to share something? 


0 : 

I was just talking hypothetically. As in, 

"if someone WERE stupid enough to implement 
SingleThreadModel."” Not that I would ever do 
it. But while we’re being hypothetical... if I have a 
friend who, say, synchronizes the service method, 
wouldn’t that ALSO make the instance variables 
thread-safe? 


A I 

XX Yes. But your friend would be an idiot. The 
effect of implementing SingleThreadModel is virtually 
the same as synchronizing the service method. Both 
can bring a web app to its knees without protecting 
the session and context state. 


\ • 

Stop right there! You said "multiple instances 
of the servlet”. We know you didn’t mean that, be¬ 
cause there is always only ONE instance of the servlet. 
One instance, many threads. 


If you want all the threads to access a value, decide 
which attribute state makes the most sense, and store 
the value in an attribute. Chances are, you can solve 
your problems in one of two ways: 


1) Declare the variable as a local variable within the 
service method, rather than as an instance variable. 


OR 


2) Use an attribute in the most appropriate scope. 
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Request attributes and Request dispatching 


Request attributes make sense when you 
want some other component of the app to 
take over all or part of the request. Our 
typical, simple example is an MVG app that 
starts with a servlet controller, but ends with a 
JSP view. The controller communicates with 
the model, and gets back data that the view 
needs in order to build the response. There’s 
no reason to put the data in a context or 
session attribute, since it applies only to this 
request, so we put it in the request scope. 

So how do we make another part of the 
component take over the request? With a 

RequestDispatcher. 


// code in a doGet() 

BeerExpert be = new BeerExpert (); 
ArrayList result = be.getBrands(c); 


wodcl ^3*^3 

s6 〒. 



request • setAttribute (''styles" , result); 


4 七 a d « 邛 
-fov OSP. 


RequestDispatcher view = 

request. getRequestDispatcher (''result. jsp">; 

view. forward (request, response); 




① 


The Beer servlet calls the getBrands() 
method on the model that returns some 
data that the view needs. 


② 


The servlet sets a Request attribute named ''styles”. 
(First it puts ''Moose Orool" into an ArrayList.) 



Servlet 

■ 

Controller 


getBrands() 
Moose Droo 



Model object 


setAttribute(''styles ,, / results) 



Controller 


o 

HttpRequest 


The servlet asks the HttpRequest for a 
RequestDispatcher, passing in a relative 
path to the view JSP. 

getRequestDispatcher(uriToView) 


〈 Servlet 〉 

Controller 



HttpRequest 


( 4 ^ The servlet calls forward() on the Request- 
Dispatcher, to tell the JSP to take over 
the request. (Not shown ： the JSP gets the 
forwarded request, and gets the ''styles" at¬ 
tribute from the Request scope.) 


forward(request / response) 


^ Servlet^ 
Controller 



RequestDispatcher 
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the RequestDispatcher 


RequestPispatcher revealed 

RequestDispatchers have only two methods — -forward() and 
include(). Both take the request and response objects (which 
the component you’re forwarding to will need to finish 
the job). Of the two methods, forward() is by far the most 
popular. It’s very unlikely you’ll use the include method from 
a controller servlet; however, behind the scenes the include 
method is being used byJSPs in the <jsp:include> standard 
action (which we’ll review in chapter 8). You can get a 
RequestDispatcher in two ways: from the request or from the 
context. Regardless of where you get it, you have to tell it the 
web component to which you’re forwarding the request. In 
other words, the servlet or JSP that’ll take over. 


〈〈 interface 〉〉 

RequestDispatcher 

forward(ServletRequest, ServletResponse) 
include(ServletRequest, ServletResponse) 


javax.servlet.RequestDispatcher 


Getting a RequestDispatcher from a ServletRequest 



RequestDispatcher view = request.getRequestDispatcher(''result.j sp^); 


The getRequestDispatcher() method in ServletRequest takes a String path 
for the resource to which you’re forwarding the request. If the path starts with 
a forward slash (T), the Container sees that as “starting from the root of this 
web app”. If the path does NOT start with a forward slash, it’s considered 
relative to the original request. But you can’t try to trick the Container into 
looking outside the current web app. In other words, just because you have 
lots of doesn’t mean it’ll work if it takes you pastihe root of your 
current web app! 


Y \0 

63 SC, 


•«sa relatwe Q ^ tWs u 

)1 slasV. ( / )• ^ ^ 

looks U VsulY? r，r 


Getting a RequestDispatcher from a Se rvl et Con text 


RequestDispatcher view = getServletContext() .getRequestDispatcher(''/result.jsp^); 


Like the equivalent method in ServletRequest, this getRequestDispatcher() 
method takes a String path for the resource to which you’re forwarding the 
request, EXCEPT you cannof specify a path relative to the current resource (the 
one that received this request). That means you must start the path with a 
forward slash! 


\ 

You MUST use 
-fov-y/av-d slash W\{\\ 七 he 

of ScV-v|c*tCoir\*tc^t 


Calling forward() on a RequestDispatcher 

view.forward(request, response); 

Simple. The RequestDispatcher you got from your context or request knows the 
resource you’re forwarding to—the resource (servlet, JSP) you passed as the 
argument to getRequestDispatcher(). So you’re saying, “Hey, RequestDispatcher, 
please forward this request to the thing I told you about earlier (in this case, a 
JSP), when I first got you. And here's the request and response, because that 
new thing is going to need them in order to finish handling the request.” 
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Whafs wrong with this code? 

What do you think? Does this RequestDispatcher code 
look like it will work the way you’d expect? 


public void doGet(HttpServletRequest request, HttpServletResponse response) 


throws 工 OException, 

response . setContentType (''application/jar ’’）； - 

ServletContext ctx = getServletContext(); 

工 nputStream is = ctx . getResourceAsStream (''bookCode . j ar^);] 
int read =0; / 

byte[] bytes = new byte[1024]; V 

OutputStream os = response.getOutputStream(); f 

while ((read = is.read(bytes)) != -1) { \ 

os.write(bytes, 0, read); J 

} / 

os .flush () ; f 


ServletException 


Assume 七 all 

七 his y/ovks. 


RequestDispatcher view = request.getRequestDispatcher(''result.j sp^); 
view.forward(request, response); 
os.close (); 


You'll get a big, fat IllegalStateException! 


You can 9 t forward the request 
if you，ve already committed 
a response! 

And by Committed a response” we mean, ^ tthe 
response to the clients Look at the code again. The b,g 

problem is: 

os • flush {) } 

ThaVs the line that causes the response to be sent to 
the c nent, and at that point, this response is DONE. 
FINISHED OVER You can } t possibly forward the 

H because t h e revest is Nstory 

yot/Ve already responded, and you get only one sho 
at this. 

S o don’t be fooled if you see questions on the exaf ^ 
tat Lard a request AFTER a 巧瓣二娜伽 
Container will throw an HlegalStateException. 


o ： 

How come you didn't talk about the 
RequestDispatcher includeO method? 


It’s not on the exam, for one thing. For 
another, we already mentioned that it’s not 
used much in the real world. But to satisfy 
your curiosity, the includeO method sends the 
request to something else (typically another 
servlet) to do some work and then comes back 
to the sender! In other words, includeO means 
asking for help in handling the request, but 
it’s not a complete hand-off. It’s a temporary, 
rather than permanent transfer of control. With 
forward 。， you’re saying, "That’s it, I’m not do¬ 
ing anything else to process this request and 
response.” But with includeO, you’re saying, 

"I want someone else to do some things with 
the request and/or response, but when they’re 
done, I want to finish handling the request and 
response myse/f (although I might decide to do 
another include or forward after that."’’). 
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Remembering the Listeners 

ANSWERS 


Attribute listeners 

Sc\rvlc*tRc<\ucs*t/\*t*tv-ibu*tcLis*tc^cv- 

Scv-vlc*tCo^*tcx.*tA*t*tv"ibu*tcLis*tc^cv- 

H'*t*tpScssioir\/\'t*tv"ibu*tcLis-tc^cv- 

Other lifecycle listeners 

Sc\rvlc*tRc«\ucs*tLis-tc^cv- ,, 

Swlc 七 C 。 士也 isW (七 以 listens v/ovd 

tt*t*tpScssioir\Lis*tc^c\r u A~bb^u4e” msevtcd ^ *m*bcv Btt 

tt*t*tpScssio^B*mdlm5Lis*tc^c\r 

tt*t*tpScssiohA^*tiva*tio^Lis*tc^c\r 

Methods in all 
attribute listeners 
(except binding listener) 

a*t*tv-ibu-tcAddcdO 

a*t*tvibu*tcRcmovcdlO 

a*t*tv-ibu-tcRcpladcdO 

Lifecycle events 
related to sessions 
(excluding attribute- 
related events) 

y/hci^ session is By\d its dcsbro^fcd 

scssio^Cv-catcdO 

s C ssio„p C s^oy c aO (Hote-2 二 s … a〆 .） 

tovcv ^ 

Lifecycle events 
related to requests 
(excluding attribute- 
related events) 

y/hc^ \rc^ucs*t is mrtidliz^d ov dcs*t\roycd 

r^ucsil^ializ^aO (Mo^c fecW ⑼ sess^ 

— ) :部 

Lifecycle events 
related to servlet 
context (excluding 
attribute-related events) 

y/het^ *thc is mrtializjcd ov destroyed 

doirrtwtl 灼 i*tializ«cdO 

do 灼七 wtDcs*broyedO 
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Attribute Scope 

ANSWERS 



Accessibility 

(who can see it) 

Scope 

(how long does it live) 

What it’s good for 

Context 

(blOT -thv-cad-sa-fcO 

pav-t o-f ihc >/cb app 
’mdud’mj sc\rvlc*b, JSPs, 

Scv-v| ctCo^'tcx.'tLis-tc^cv-s, 

Scv-v| ctCo^*tcx>*tA*t*tvibu*tc- 

UisicmeY'S. 

Li-fc*tiw\c o-f *thc 

Scv-vIrtCo^-tc^t v/hidh 
mca^s li-fc *thc deployed 
app. l-f scv-vcv- ov- app ^ocs 

dovm, the do 灼 *tc 乂 *t is 

des-tv-oyed y/i-th its 

a*t*tvibu*tcs). 

Resouvdes you v/a 灼七 *thc 

C)rrti\rc application *to 

shav-c, mdludi^ daiabase 
dorme^tior^ JKDI lookup 
^ames, email addv-csscs., t\jt- 

HttpSession 

(HOT tWcad-sa-fcO 

A^y sc\rvlc*t ov JSP W\{\\ 

Bttcss *bo *this pa\rti^ulav 
scssio^. Rcmcmbcv-, d session 
cx.*tc^ds beyond a smjlc 
\rc«\ucs*t *to spa^ multiple 
v-c<^ucs*b by *thc same dictrrb, 
y/hi^h dould *ko di«ev •伙七 

scv-vlcts. 

The li-fc c^f *thc session. /\ 
session tBr\ be dcs*t\roycd 

pvojvamrwa-tidally ov d 扣 
simply "time — out (Will 

50 nrrto *thc drtdils'm 
•the Session 
dhap*tcv-.) 

Data av\d v-csouv-dcs \rcla*tcd 
*to *this dierrt’s session, 
ir\o*t jus*t B single v-c^ucst 
Somc*thrn^ *tha*t v-c^uiv-cs Br\ 
^o^vc\rsa*tioir\ y/ith 
*thc dlic^t A shopp'mj tBr{, 
is a -typical example- 

Request 

(TWcad-sa-fc) 

A^y p3v-*t o( -the application 
*tha*t hds divert adless -to -the 

Request object Tha*t mostly 
med^s oY\\y 七 he Scv-vlcts 

JSPs *to v/hi^h *thc 
v-c^ucst is -fov-y/av-ded usrng 
d Rc<\ucs-tDispa*tchcv-. Also 
Rc<\ucs*t-\rcla*tcdl listc^cv-s. 

The li-fc o( the Request 
med^s ujrrtil the 

Scv-vlcVs sev-videO method 
Completes. o*thcv- y/ovds, 

-fov- -the li-fc o-f *thc *t^v-cad 
(s-tadk) *this 

vc^ucst- 

Passing model 'm-fo -fvom 
■the ^o^*t\rollc\r *bo *thc viev/ .. 
ov- a^y o*thcv- da'bd spcdi-fi£. 

■fco d smjlc dicivt request 
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code magnets answers 


<context-pa^a^^^^j 


<param-name> 


</param-name> 


<param-value> 


</param-value> 

</context-para m > | 




^web^pp^ 


Not used: 


is used -fo\r sc\rvlc*t mi 七 

pav-amc*tcv-s, y\o{, dcm*tc 乂 *t *mi*t pa\ramc*tc\rs. 

You -f md pa\ram> OblL^/ 'mside B 
<scv-vlc*t> dement 

Thcv-c ； s y\o su^h as <scv-vlc*t—pav-ar»\> 





Code Magnets 


ANSWERS 

(configuring a context parameter in the DD) 


<web-app ...> 



<servlet-name> 




<servlet-class> 

com.wickedlysmart.BeerTester 

</servlet> 

1 


</servlet-class> 



■S -M*5rvh-0M. 12 ^2.Jh- 
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c 办尹尹在它 


TKoc^ Zxom QAopt&i 5 


When using a RequestDispatcher, the use of which methods can often lead 
to an IllegalStateException? (Choose all that apply.) 

口 A. read 

Q B. flush 

口 G. write 

□ D. getOutputStream 

Q E. getResourceAsStream 


Which statements about ServletContext initialization parameters are true? 
(Choose all that apply.) 

Q A. They should be used for data that 
changes rarely. 

Q B. They should be used for data that 
changes frequently. 

Q G. They can be accessed using 

ServletContext.getParameter(String). 

□ D. They can be accessed using 

ServletContext.getlnitParameter(String). 

Q E. They should be used for data that is specific 
to a particular servlet. 

□ F. They should be used for data that is applicable 

to an entire web application. 
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mock exam 



Which types define the methods getAttribute () and setAttribute () ? 
(Choose all that apply.) 

□A. HttpSession 

Q B. ServletRequest 

Q G. ServletResponse 

□ D. ServletContext 

Q E. ServletConfig 

Q F. SessionConfig 



If a servlet is invoked using the forward or include method of 
RequestDispatcher, which methods of the servlet’s request object can access 
the request attributes set by the container? (Choose all that apply.) 

□A. getCookies() 

口 B. getAttribute() 

Q G. getRequestPath() 

□ D. getRequestAttribute() 

口 E. getRequestDispatcher() 



Which calls provide information about initialization parameters that are 
applicable to an entire web application? (Choose all that apply.) 

□ A. ServletConfig.getlnitParameters () 

Q B. ServletContext.getlnitParameters() 

Q C. ServletConfig. getlnitParameterNames () 

□ D. ServletContext.getlnitParameterNames() 

Q E. ServletConfig. getl nit Parameter (String) 

□ F. ServletContext. getlnitParameter (String) 
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Which statements about listeners are true? (Choose all that apply.) 

Q A. A ServletResponseListener can be used to perform an action 
when a servlet response has been sent. 

Q B. An HttpSessionListener can be used to perform an action when 
an HttpSession has timed out. 

Q C. A ServletContextListener can be used to perform an action 
when the servlet context is about to be shut down. 

Q D. A ServletRequestAttributeListener can be used to 

perform an action when an attribute has been removed from a 

ServletRequest. 

Q E. A ServletContextAttributeListener can be used to perform 
an action when the servlet context has just been created and is 
available to service its first request. 


^ Which is most logically stored as an attribute in session scope? 

Q A. A copy of a query parameter entered by a user. 

Q B. The result of a database query to be returned 
immediately to a user. 

Q C. A database connection object used by all web 
components of the system. 

Q D. An object representing a user who has just logged into 
the system. 


Q E. A copy of an initialization parameter retrieved from a 

Servle tCon text object. 
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Given this code from an otherwise valid HttpServlet that has also been 
registered as a ServletRequestAttributeListener: 


10 . public void doGet(HttpServletRequest req, 

HttpServletResponse res) 

11. throws IOException , ServletException { 

12 . req • setAttribute ( 、 'a", 、 'b"); 

13 . req. setAt tribute ( 、 'a", 、 'c"); 

14 . req. removeAttribute (' 、 a"); 

15. } 

16. public void attributeAdded(ServletRequestAttributeEvent ev) { 

17 . System, out .print (、' A:" + ev. getName () + 、'->" + ev. getValue ()); 

18. } 

19 . public void attributeRemoved (ServletRequestAttributeEvent ev) { 

20 . System. out.print ('' M:" + ev. getName () + '、->" + ev. getValue ()); 

21. } 

22 . public void attributeReplaced( ServletReques tAttributeEvent ev) { 

23 . System, out .print (、' P:" + ev. getName () + '、->" + ev. getValue ()); 

24. } 


What logging output is generated? 


u 

A. 

A: 

a- 

->b 

P: 

a->b 




□ 

B. 

A: 

a- 

->b 

M: 

a->c 




□ 

G. 

A: 

a- 

->b 

P: 

a->b 

M: 

a->c 


□ 

D. 

A: 

a- 

->b 

P: 

a->b 

P: 

a->null 

□ 

E. 

A: 

a- 

->b 

M: 

a_>b 

A: 

a->c 

M:a->c 

□ 

F. 

A: 

a- 

->b 

M: 

a->b 

A: 

a->c 

P:a->null 



When declaring a listener in the DD, which sub-elements of the 〈 listener 〉 
element are required? (Choose all that apply.) 

Q A. 〈 description 〉 

Q B. <listener-name> 

Q C. <listener-type> 

□ D. <listener-class> 

Q E. <servlet-mapping> 
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Which types of objects can store attributes? (Choose all that apply.) 

□ A. ServletConfig 

Q B. ServletResponse 
Q G. RequestDispatcher 

□ D. HttpServletRequest 

□ E. HttpSessionContext 


11 


Which are true? (Choose all that apply.) 

Q A. When a web application is preparing to shutdown, the order 
of listener notification is not guaranteed. 

Q B. When listener-friendly events occur, listener invocation order 
is not predictable. 

Q G. The container registers listeners based on declarations in the 
deployment descriptor. 

Q D. Only the container can invalidate a session. 



Which statements about RequestDispatcher are true (where applicable, 
assume the RequestDispatcher was not obtained via a call to 
getNamedDispatcher ())? (Choose all that apply.) 

Q A. A RequestDispatcher can be used to forward a request to another 
servlet. 

Q B. The only method in the RequestDispatcher interface is 

forward (). 

Q G. Parameters specified in the query string used to create a 

RequestDispatcher are not forwarded by the forward () method. 

Q D. The servlet to which a request is forwarded may access the 
original query string by calling getQueryString () on the 
HttpServletRequest. 

Q E. The servlet to which a request is forwarded may access the original 

query string by calling getAttribute ('' javax. servlet. forward, 
query string") on the ServletRequest. 
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What is the recommended way to deal with servlets and thread safety? 
Q A. Write the servlet code to extend ThreadSafeServlet. 

Q B. Have the servlet implement SingleThreadModel. 

Q G. Log all servlet method calls. 

Q D. Use local variables exclusively, and if you have to use instance 
variables, synchronize access to them. 


Given the following methods: 

- getCookies 
- getContextPath 
- getAttribute 

Match the methods above to the following classes or interfaces. Note that each method can 
be used more than once. 

HttpSession . . 

ServletContext . . 

HttpServletRequest . . 
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Which are true about the RequestDispatcher interface? (Choose all 
that apply.) 

Q A. Of its two methods, forward () is used most frequently. 

Q B. Its methods take the following arguments: a resource, a request, 
and a response. 

Q G. Depending on the class whose method creates a 

Reques tDi spa tcher, the path to the resource to be forwarded 
to will change. 

□ D. Regardless of the class whose method creates a 

Reques tDi spa tcher, the path to the resource to be forwarded 
to will NOT change. 

Q E. If your servlet invokes RequestDispatcher. forward, it 

can send its own response to the client before, but not after the 
invocation of forward. 
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c 办尹尹在它 




When using a RequestDispatcher, the use of which methods can often lead 
to an IllegalStateException? (Choose all that apply.) 


(Sewlet ^ ^ in) 


□ 

A. 

read 


B. 

flush 

S' 

G. 

write 

□ 

D. 

getOutputStream 

□ 

E. 

ge tResourceAs S tream 


一 ‘ lllc^alS-ta-tcE^rbioh is caused 
y^j\\tri 3 v"cspo^sc has already 
'dommi-ttca -to the dli ⑶七 （the A*lush 
method docs that), a^d you 

atbemft a -fov-^av-d. 


Which statements about ServletContext initialization parameters are true? 


(Choose all that apply.) 

^ A. They should be used for data that 
changes rarely. 

They should be used for data that 
changes frequently. 

They can be accessed using 

ServletContext.getParameter(String). 

They can be accessed using 


(Soviet ^ 


□ B. 


□ G. 




D. 


□ E. 




F. 


OYi 


-Oftioh 3 is *mdov-\rcd*t because 
ScV"vlc*tCoir\*tc%*t p3V"3mC"tcv*S 3V*C 

|y v-cad at Co^-ta'mcv- s-tav-t-uf 七 ime. 

-Option C is mdov-v-cd*t 
bedduse 七 his method 
does 的。七 cx.is*t- 


ServletContext.getlnitParameter(String). 

They should be used for data that is specific 
to a particular servlet. 

They should be used for data that is applicable 
to an entire web application. 


-Option B is "nr\doir\rcd*t bedduse 
ihev-c is ohly oy\c Scv-vlc*tCoh*tc>c*t 
objedi pev- v/cb affliddiioh. 
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Which types define the methods getAttribute () and setAttribute () : 
(Choose all that apply.) 

A. HttpSession 

ServletRequest 

ServletResponse 

ServletContext 

ServletConfig 

SessionConfig 


? 



(Soviet ^ ^ ^ ^ 



If a servlet is invoked using the forward or include method of (Soviet 

RequestDispatcher, which methods of the servlet’s request object can access 
the request attributes set by the container? (Choose all that apply.) 

□A. getCookies 


^ B. getAttribute 
口 G. getRequestPath 
Q D. getRequestAttribute 
口 E. getRequestDispatcher 


?> is {\\t dov-v-edt method. 

W\{\\ it you the 

fofulatcd java^.sc\rvlct-fov->ward.><^ a^d 

-Oftiohs C ahd P v-c-Pcv -to 
methods that doh’t exist. 



Which calls provide information about initialization parameters that are 
applicable to an entire web application? (Choose all that apply.) 





ServletConfig. getlnitParameters () 
ServletContext.getlnitParameters() 
ServletConfig. getlnitParameterNames () 
ServletContext.getlnitParameterNames() 
ServletConfig. getl nit Parameter (String) 
ServletContext.getlnitParameter(String) 


-Oftio^s A a^d B a\rc mdo\r\rCdt 
bedduse these methods do v\oz 


-t/p*tiohS 0 3hd fc 3\rc ihdo\r\rcd*t 
they provide addess -to scv-vlct-spcdi-fid 
ihitializ^tioh \>a^ameicrs. 
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Which statements about listeners are true? (Choose all that apply.) 

Q A. A ServletResponseListener can be used to perform an action 
when a servlet response has been sent. 

B. An HttpSessionListener can be used to perform an action when 
an HttpSession has timed out. 

G. A ServletContextListener can be used to perform an action 
when the servlet context is about to be shut down. 

D. A ServletRequestAttributeListener can be used to 
perform an action when an attribute has been removed from a 

ServletRequest. 

□ E. A ServletContextAttributeListener can be used to perform 
an action when the servlet context has just been created and is 
available to service its first request. 




^ 0O) 


-Oftioh A ,s m^o\r\rCd*t 
because these is wo 
Scv-vIctRcsfo^scLis-tchCV- 


—E is 
*mdo\r\rC^*t a 

Scvvl c*tCo^*tcx**tL-istc^cv- 
y/ould be used -fov- this 
purpose. 


Which is most logically stored as an attribute in session scope? 




□ A. A copy of a query parameter entered by a user. woV"C » USC i* 

LediaWv 。 ? 伏加 . 


Q B. The result of a database query to be returned 
immediately to a user. 

Q C. A database connection object used by all web 
components of the system. 


v-ctuv-y\cd 


^ B is \Uovrtci bcdausc sudh 
^ immcdia*tcl 7 

d ov s*bo\rcd v-c^ucst sCo'ft 


-Option C is mdo\r\rcd*t bedduse (srndc i*t 

is ho*t spedi-rid *to d pa\rti^ula\r session) i*t 
should be s*to\rcd m dohte 乂 *t sdopc- 


D. An object representing a user who has just logged into 
the system. 


Q E. A copy of an initialization parameter retrieved from a -Optioh E is ih&o 汁 L .. 

ServletContext object. should 

the Sc\rvlrtCohicxt object. 
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Given this code from an otherwise valid HttpServlet that has also been 
registered as a ServletRequestAttributeListener: 


^ 阶如 0) 


10 . public void doGet(HttpServletRequest req, 

HttpServletResponse res) 

11. throws IOException , ServletException { 

12 . req • setAttribute ( 、 'a", 、 'b"); 

13 . req. setAt tribute ( 、 'a", 、 'c"); 

14 . req. removeAttribute (' 、 a"); 

15. } 

16. public void attributeAdded(ServletRequestAttributeEvent ev) { 

17 . System, out .print (、' A:" + ev. getName () + 、'->" + ev. getValue ()); 

18. } 

19 . public void attributeRemoved (ServletRequestAttributeEvent ev) { 

20 . System. out.print ('' M:" + ev. getName () + '、->" + ev. getValue ()); 

21. } 

22 . public void attributeReplaced( ServletReques tAttributeEvent ev) { 

23 . System, out .print (、' P:" + ev. getName () + '、->" + ev. getValue ()); 

24. } 


What logging output is generated? 

□ A. A:a->b P : a->b 


□ 

B. 

A 

: a 

->b 

M 

: a 

->c 






G. 

A: 

a- 

■>b 

P: 

a- 

■>b 

M: 

a- 

■>c 


□ 

D. 

A: 

a- 

■>b 

P: 

a- 

■>b 

P: 

a- 

->null 

□ 

E. 

A: 

a- 

■>b 

M: 

a- 

■>b 

A: 

a- 

■>c 

M:a->c 

□ 

F. 

A: 

a- 

■>b 

M: 

a- 

■>b 

A: 

a- 

■>c 

P:a->null 


-Tridky! The ytValuc 

method the OLV 

value o-f the atbribuU 
the attribute v-cpladcd- 



When declaring a listener in the DD, which sub-elements of the 〈 listener 〉 
element are required? (Choose all that apply.) 

□A. <description> 

Q B. <listener-name> 

Q C. <listener-type> 

D. 〈 listener-class 〉 一 The <listc^cv-6lass> sub - elemcjrrt [s 
LI E. <servlet-ma Ppi ng> 如 ••如 忧 >\| ⑽冼 


\ 0 *\) 
t 1 州） 
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Which types of objects can store attributes? (Choose all that apply.) 

□ A. ServletConfig 
Q B. ServletResponse 
Q G. RequestDispatcher 
Q D. HttpServletRequest 

□ E. HttpSessionContext 


•Op 七 ions A ， 民 C 
iy>valui because -these do 
y\o{, s*to\rC atbr»bu 七 es. 


-Optioh E is ihvalid because 
"there is ho sudh type. 


(API) 


Ko*tc ： The o*thcv- *tv/o 
-types \rdaicd bo scv-vlc*b, 
*tha*t da^ siov-c a*t*tv-ibu*tcs 


arc H*t*tpScssior\ 
Scv-vlc*tuoh*tcx**t- 
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Which are true? (Choose all that apply.) 


□ A. 


□ B. 

^ G. 


When a web application is preparing to shutdown, the order 
of listener notification is not guaranteed. 

When listener-friendly events occur, listener invocation order 
is not predictable. 

The container registers listeners based on declarations in the 
deployment descriptor. 


- (Sewlet ^ 81 一 8 今 ) 

—A 3 av*c 

\Uorrtci because i\\t 
do^-ta'mcv- uses i\\t PP *to 
detev-mme i\\t ho-ti-fi^atioh 
order o( v-c^istcvcd listc^cv-s. 


□ D. 


Only the container can invalidate a session. 


—Op*tioh P is ihdo\r\rcd*t 3 

sc\rvlc*t t^y\ mvaliddie a session usma 
ihc HitpScssioh.ihvalidaicO method. 
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Which statements about RequestDispatcher are true (where 
applicable, assume the RequestDispatcher was not obtained via a call 


(Soviet ^ 


to getNamedDispatcher ())? (Choose all that apply.) 

^ A. A RequestDispatcher can be used to forward a request to 
another servlet. 

Q B. The only method in the RequestDispatcher interface is 

forward (). 

Q G. Parameters specified in the query string used to create a 

RequestDispatcher are not forwarded by the forward () 

method. 


□ D. 
^ E. 


The servlet to which a request is forwarded may access the 
original query string by calling getQueryString () on the 
HttpServletRequest. 

The servlet to which a request is forwarded may access the 


original query string by calling getAttribute ( 、、 javax. 
servlet.forward.query string^) on the 


B is *mdovv-c£.*b 
because the mtev-fade also 

dohtams a 灼 mdludc method- 

-Optioh C is ihdo\r\rcd*t 
bemuse s\acM pavawtevs 
a\rc -Po\rwa\rdcd ih this dasc. 

-Optioh p is ihdo\r\rcdt because 
"this method \rc*tu\rhs *thc «ucv"V 

st\r'ma oh iKc URL pattev-h -fv-o» 

the Kc^ucs*tPispa*tdKc\r. 


ServletRequest. 
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^ ! iTJ) 

What is the recommended way to deal with servlets and thread safety? 

口 A. Write the servlet code to extend ThreadSafeServlet. 一 〜 w 

□ B. Have the servlet implement SingleThreadModel. because TWcdd ^p| 

Q C. Log all servlet method calls. S*m^lcTWc3dModcl 

D. Use local variables exclusively, and if you have to use instance ^ version 2-A" 3)r\d 

variables, synchronize access to them. y\oz vcdowwC^dcd * 


14 


Given the following methods: 

- getCookies 
- getContextPath 


(API) 


- getAttribute 

Match the methods above to the following classes or interfaces. Note that each method can 


be used more than once. 




HttpSession 

vtM*bribu 七 e 



ServletContext 

gctAtiv-ibuic 

^c*tCor\*tc%*tPa*tV^ 


HttpServletRequest 

getCookies 


f^ctCoh-tcx-tPa-th 


/\ 乇 "tins ^onr\*t 七 his should 的 * t 3bou*t 

mC^oviz3'tior\ ds 3s about 4a 七 wthods 
y/ould vtndkc SC^SC C3& Sdo^C- 
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Which are true about the RequestDispatcher interface? (Choose all 
that apply.) 

A. Of its two methods, forward () is used most frequently. 

Q B. Its methods take the following arguments: a resource, a request, 


and a response. 

G. Depending on the class whose method creates a 

Reques tDi spa tcher, the path to the resource to be forwarded 
to will change. 

□ D. Regardless of the class whose method creates a 

Reques tDi spa tcher, the path to the resource to be forwarded 
to will NOT change. 

Q E. If your servlet invokes Reques tDi spa tcher. forward, it 

can send its own response to the client before, but not after the 


invocation of forward. 


(API) 


一 Of 七 ior> B: i\\t vcsouvtc 
•is speti-f ied 3^ object 
dvcatio^ twc- 


— Optioh E ： i-p youv* scvvlct 
us« ah RD, it 
schd i*ts owh vcspohsc. 
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6 session inanageiqent 


Conversational state 



Web servers have no short-term memory. As soon as they 

send you a response, they forget who you are. The next time you make a 
request, they don’t recognize you. In other words, they don’t remember what 
you’ve requested in the past, and they don’t remember what they’ve sent you 
in response. Nothing. Sometimes that’s fine. But sometimes you need to keep 
conversational state with the client across multiple requests. A shopping cart 
wouldn’t work if the client had to make all his choices and then checkout in a 
single request. You’ll find a surprisingly simple solution in the Servlet API. 


this is a new chapter 
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official Sun exam objectives 


issbsmp - 一 


Session Management 


Coverage Notes: 


4.1 Write servlet code to store objects into a 
session object and retrieve objects from a 
session object. 

4.2 Given a scenario describe the APIs used to 
access the session object, explain when the 
session object was created, and describe the 
mechanisms used to destroy the session object, 
and when it was destroyed. 


All four of the exam objectives on session 
management are covered completely in this 
chapter (although some of these topics were 
touched on in the previous chapter). This 
chapter is your one chance to learn and 
memorize these topics, so take your time. 


4-3 Using session listeners, write code to respond to 
an event when an object is added to a session, 
and write code to respond to an event when a 
session object migrates from one VM to another. 


4.4 Given a scenario, describe which session 
management mechanism the Web container 
could employ, how cookies might be used to 
manage sessions, how URL rewriting might be 
used to manage sessions, and write servlet code 
to perform URL rewriting. 
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I want the beer app 
to have a back and forth 
conversation with the client... 
wouldn’t it be cool if the user 
answers a question, and then the 
web app responds with a new 
question based on the answer 
to the previous ones? 


D 


Kim wants to keep client-specific 
state across multiple requests 



Right now, the business logic in the model 
simply checks the parameter from the request 
and gives back a response (the advice). Nobody 
in the app remembers anything that went on with 
this client prior to the current request. 


What he has NOW: 


public class BeerExpert { 

public ArrayList getBrands(String color) 
ArrayList brands = new ArrayList(); 
if (color • equals (''amber ”）） { 

brands • add (''Jack Amber ’’）； 
brands • add (''Red Moose ’’）； 

} else { 

brands • add (''Jail Pale Ale ’’）； 
brands . add (''Gout Stout^); 


return brands 


v 

Uo\or) ^ 

TW、s ’t 叫 


What he WANTS: 

public class BeerExpert { 


"The i^odd (the business lo^id) 
has -Piau\rc out whethev- it has 
Chough -to a 


V-CdorurwChdatioh (\v\ othev* vjo^ds, 

317 -Pihal advi 以入 3 hd j i 七 
doesn't it has -to give \>at\c -the 
Mxt «\ucstioh "to ask -the USCV-. 


public NextResponse getAdvice(String answer) { 

// Process client answer by looking at 
// ALL of the client's previous answers, as well 
// as the answer from the current request. 

// if there's enough info, return final advice, 

// else, return the next question to ask 
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client conversation 


It’s supposed to work like a REAL conversation... 





Dude... would I be 
working as a computer 
book model if I didn’t need 
the money? OF COURSE I 
care about price! 
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How can he track the cliewfs answers? 


Kim’s design won’t work unless he can keep track of everything 
the client has already said during the conversation, not just the 
answer in the current request. He needs the servlet to get the 
request parameters representing the client’s choices, and save it 
somewhere. Each time the client answers a question, the advice 
engine uses all of that client’s previous answers to come up with 
either another question to ask, or a final recommendation. 

What are some options? 

Use a stateful session enterprise javabean 

Sure, he could do that. He could have his servlet become a 
client to a stateful session bean, and each time a request comes 
in he could locate that client’s stateful bean. There are a lot of 
little issues to work out, but yes, you can certainly use a stateful 
session bean to store conversational state. 

But that’s way too much overhead (overkill) for this app! Besides, 
Kim’s hosting provider doesn’t have a full J2EE server with an 
EJB Container. He’s got Tomcat (a web Container) and that’s it. 


An HttpSeSSion object can 
hold conversational state 
across multiple revests 
from the same client. 

In odier words, it persists 
for an entire session with 
a specific client. 


Use a database 



This would work too. His hosting provider does allow access to 
MySQL, so he could do it. He could write the client’s data to a 
database... but this is nearly as much of a runtime performance 
hit as an enterprise bean would be, possibly more. And way more 
than he needs. 


We can use it to store 
everyfliing we get back 
froin ^ie client in all ^ie 
revests the client makes 
during a session. 


Use an HttpSession 

But you already knew that. We can use an HttpSession object to 
hold the conversational state across multiple requests. In other 
words, for an entire session with that client. 

(Actually, Kim would still have to use an HttpSession even if he 
did choose another option such as a database or session bean, 
because if the client is a web browser, Kim still needs to match 
a specific client with a specific database key or session bean ID, 
and as you’ll see in this chapter, the HttpSession takes care of 
that identification.) 
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sessions in action 


How sessions work 


① 


Diane selects M Dark 〃 
and hits the submit 
button. 


The Container sends the 
request to a new thread of 
the BeerApp servlet. 


The BeerApp thread finds the 
session associated with Diane, and 
stores her choice ( 、、 Oark〃）in the 
session as an attribute. 



② 


The servlet runs its business logic (including 
calls to the model) and returns a response... in 
this case another question, ''What price range?" 





Diane considers the new 
question on the page, 
selects ''Expensive" and 
hits the submit button. 



The Container sends the 
request to a new thread of 
the BeerApp servlet. 




Web Container 



The BeerApp thread finds 
the session associated with 
Diane, and stores her new 
choice ( 、、 Expensive”）in the 
session as an attribute. 


setAttribute() 




^pSe^ 


Same client 
Same servlet 
Different request 
Different thread 
Same session 
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④ 


The servlet runs its business logic 
(including calls to the model) and 
returns a response... in this case 
another question. 



Meanwhile, imagine ANOTHER client goes to the beer site... 




⑤ 


Dianes session is still 
active, but meanwhile 
Terri selects ''Pale'’ and 
hits the submit button. 


The Container sends Temfs 
request to a new thread of 
the BeerApp servlet. 


The BeerApp thread starts 
a new Session for Terri, and 
calls setAttribute() to store 
her choice ( 、、 Pale〃). 




Diane 


Web Container 


We do^i Tc^'i a^d 

places av\s>wcv-s rr：\%td … 
so i\\q 妊咖 ovm 

scpav-a*tc session object 


Different client 
Same servlet 
Different request 
Different thread 
Different session 
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recognizing the client 


One problem... how does the Cowtamcr 
kwow who the client is? 


The HTTP protocol uses state/m connections. The client 
browser makes a connection to the server, sends the request, 
gets the response, and closes the connection. In other words, 
the connection exists for only a single request/response. 

Because the connections don’t persist, the Container doesn’t 
recognize that the client making a second request is the same 
client from a previous request. As far as the Container’s 
concerned, each request is from a new client. 


But things were 
going so well... I thought 
we had a relationship... 


I’m sorry, but I don’t 
remember you. I’m sure we 
shared good times together, 
but well have to start over. 


How will the Container 
recognize ifs Diane and not 
Terri? HTTP is stateless, 
so each request is a new 
connection... 


O 

o 




fy 




^Jiereiqrejio 

Dumb Questions 


Why can’t the Container just use the IP address of 
the client? It's part of the request, right? 


A ! 

Oh, the Container can get the IP address of the 
request, but does that uniquely identify the client? If you’re 
on a local IP network, you have a unique IP address, but 
chances are, that’s not the IP address the outside world 
sees. To the server, your IP address is the address of the 
router, so you have the same IP address as everybody else 
on that network! So that wouldn’t help. You’d have the 
same problem — the stuff Jim puts in his shopping cart 
might end up in Pradeep’s cart, and vice versa. So no, IP 
address isn’t a solution for uniquely identifying a specific 
client on the internet. 


^ m 


o ： 

Well then how about security info? If the user 
is logged in, and the connection is secure (HTTPS), the 
Container knows EXACTLY who the client is, right? 


A I 

Yes, if the user is logged in and the connection is 
secure, the Container can identify the client and associate 
him with a session. But that’s a big if. Most good web site 
design says, "don’t force the user to log in until it really 
matters, and don’t switch on security (HTTPS) until it really 
matters.” If your users are just browsing, even if they’re 
adding items to a shopping cart, you probably don’t 
want the overhead (for you or the user) of having them 
authenticate to the system until they decide to checkout! 
So, we need a mechanism to link a client to a session that 
doesn’t require a securely authenticated client. (We’ll go 
into security details in the... wait for it... Security chapter.) 
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session management 


The client needs a unique session IP 

The idea is simple: on the client’s first request, the Container 
generates a unique session ID and gives it back to the client 
with the response. The client sends back the session ID 
with each subsequent request. The Container sees the 
ID, finds the matching session, and associates the session with 
the request. 



resp0 他 e,r 


Hey server, 
here's my first request, 
with the parameter 
'dark”. Can we start a 
conversation? 


Yes, but I’m state-challenged and 
won’t remember you, so I’m giving 
you a unique session ID. You MUST give 
that back to me each time you make a 
request, so I’ll know ifs you. 


new 


^ pSe ' 


Container 
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the joy of Cookies 


How do the Client and Container 
exchange Session IV iwfo? 


Somehow, the Container has to get the session ID to the 
client as part of the response, and the client has to send back 
the session ID as part of the request. The simplest and most 
common way to exchange the info is through cookies. 


Cookies 








w Sc*t-Cookic W is \us*t a^o*thcv 
hcadcv scir>*t m xhc v-cspo^sc. 





^oU'e-SlONID^O 

nt-Tvoe: text/html 


C(^itent-Type ： text/html 
Content-Length ： 397 4Q gMT 

Date: Wed, 19 Nov 2003 03.2b. 

Server: Apache-Coyote/1.1 
Connection: close 

<html> 

</html> 



I^XTP Response 



w Cookic w is iicadcv* 

se 灼七 m 七 ve'ues 七 . 

User-Agent: Mozilla/5 0 

A C ° Okie：JSESS »°^D=0AAB6C8DE415 

jpeg,imag e /gif ;q=：0 2 */*- a=n 1 mn g- | mage/png / i ma g e / 
A -ep t - L a nguage：en ； us ； e q n -； q=o5 

A ccept-Encoding ： gzip,deflate 

HTTP Request 
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session management 


The best part: the Cowtamcr does 
virtually aHthc cookie work! 


You do have to tell the Container that you want to create or use 
a session, but the Container takes care of generating the session 
ID, creating a new Cookie object, stuffing the session ID into the 
cookie, and setting the cookie as part of the response. And on 
subsequent requests, the Container gets the session ID from a cookie 
in the request, matches the session ID with an existing session, and 
associates that session with the current request. 


Sending a session cookie in the RESPONSE: 


HttpSession 


session 


■ request.getSession() 


That’s it. Somewhere in your service method you ask for a 
session, and everything else happens automatically. 

You don’t make the new HttpSession object yourself. 

You don’t generate the unique session ID. 

You don’t make the new Cookie object. 

You don’t associate the session ID with the cookie. 

You don’t set the Cookie into the response 
(under the Set-Cookie header). 


else! 

(TW, .ctW docs :。二微七 

匕上心 

恤』 hCCm A 

o( ourselves.) 


All the cookie work happens behind the scenes. 


Getting the session ID from the REQUEST: 


HttpSession session 


request.getSession() 


Look familiar? Yes, it’s exactly the same method used to generate 
the session ID and cookie for the response! 

IF (the request includes a session ID cookie) 

find the session matching that ID 

ELSE IF (there’s no session ID cookie OR there’s no current 
session matching the session ID) 

create a new session. 

All the cookie work happens behind the scenes. 


一 ID Zl Vj， t l t _ 士 
w, ^ ^ cxis-ti h a )^ h，h 9 

於吹 ir busily SBB ikr k，C 

S， ° h ^ ^ H io you；. 
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checking for a new session 


What if I wawt to know whether the session 
already existed or was just created? 


Good question. The no-arg request method, getSession(), returns a session 
regardless of whether there’s a pre-existing session. Since you always get an 
HttpSession instance back from that method, the only way to know if the 
session is new is to ask the session. 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


response . setContentType ( 、 'text/html 〃）； 
PrintWriter out = response.getWriter(); 
out. print In (''test session attributes<br >〃）； 


HttpSession session — request.getSession (); 





session unless 70 U asK t 





if ( session.isNew()) { 


: 

^ tw»s session IP- 


out .print In (''This is 
} else { 


out. print In (''Welcome 


a new session .’’）； 
back!"); 


0 ： 

You get a session by calling request.getSessionO, 
but is that the only way to get the session? Can’t you get 
it from the ServletContext? 

A ： 

You get a session from the request object because— 
think about it — the session is identified by the request. 
When you call getSession() on the Container you’re saying, 
"I want a session for THIS client... either the session that 
matches the session ID this client sent, or a new one. But 
in either case, the session is for the client associated with this 
request!' 

But there is another way that you can get a session... from 
a session event object. Remember, a listener class isn’t a 
servlet or JSP — it’s just a class that wants to know about 
the events. For example, the listener might be an attribute 
trying to find out when it (the attribute object) was added 
to or removed from a session. 


The event-handling methods defined by the listener 
interfaces related to sessions take an argument of type 
HttpSessionEvent, or its subclass, HttpSessionBindingEvent. 
And HttpSessionEvent has a getSession() method! 

So, if you implement any of the four listener interfaces 
related to sessions (we’ll get to that later in the chapter), 
you can access the session through the event-handling 
callback methods. For example, this code is from a class 
that implements the HttpSession Listener interface: 

public void sessionCreated(HttpSessionEvent event) { 
HttpSession session = event.getSession(); 

II event handling code 
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What if I wawt ONLY a pre-Gxistmg session? 

You might have a scenario in which a servlet wants to use only a previously- 
created session. It might not make sense for the checkout servlet, for example, 
to start a new session. 

So there’s an overloaded getSession(boolean) method just for that purpose. If 
you don’t want to create a new session, call getSession(false), and you’ll get 
either null, or a pre-existing HttpSession. 

The code below calls getSession(false), then tests whether the return value was 
null. If it was null, the code outputs a message and then creates a new session. 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


response . setContentType (''text/html 〃）； 
PrintWriter out = response.getWriter(); 


out. print In (''test sessions<br >〃）； 


HttpSession session — request.getSession(false); 



if (session==null) { 


Koy/ *bcs*t -fov 

■bKcvc >Mds already a session 
(七 r\o-av*5 ^ctScssiortO 

would Uivi-R 代七 uvrt null). 


p a ” 挪 e 

vcWv'S a 

.as ses ， o, 

asso^ated tW»s 如 t 


out • println (''no session was available ’’）； 
out. println (''making one. ••’’）； 

session = request.getSession () ; ^ - Hcv-c wc y/CVC 3 的 C m) ! ⑬ 

} else { 

out. println (''there was a session !’’）； 


o： 

Isn't the code above just a stupid, inefficient way 
to do the same thing as the opposite page? In the end, 
you still created a new session. 


蠢 


You’re right. The code above is just for testing how 
the two different versions of getSession() work. In the real 
world, the only time you'd want to use getSession(false) is 
if you do NOT want to create a new session. If your goal is 
to create a new session, but still respond differently if you 
know this is a new (versus pre-existing) session, then use 
the no-arg getSession() method, and simply ask the session 
if it’s new using the HttpSession isNewQ method. 


o： 

So it looks like getSession(true) is exactly the 
same as getSession() … 


\ I 

Right again. The no-arg version is a convenience 
for those times when you know that you always want a 
session, new or existing. The version that takes a boolean is 
useful when you know that you don’t want a new session, 
or when the decision of whether to make a new session 


happens at runtime (and you’re passing a variable into the 
getSession(someBoolean) method). 
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when cookies fail 


Gee...this all sounds 
nice but, uh, NEWS FLASH— 
anybody with half a brain disables 
cookies. How do you do sessions 
if you can’t use cookies? 



You caw do sessions gvgw if the client 
doc^Taccept cookies, but you have 
to do a little more work... 


We don’t agree that anybody with half a brain disables 
cookies. In fact, most browsers do have cookies enabled, 
and everything’s wonderful. But there’s no guarantee. 

If your app depends on sessions, you need a different way 
for the client and Container to exchange session ID info. 
Lucky for you, the Container can handle a cookie-refusing 
client, but it takes a little more effort from you. 

If you use the session code on the previous pages — calling 
getSession() on the request — the Container tries to use 
cookies. If cookies aren’t enabled, it means the client 
will never join the session. In other words, the session’s 
isNewQ method will always return true. 


A client with cookies disabled will ignore 
v “Set-Cookie” response headers 

se2/on went wrong 二”二 
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URL rewriting: something to fall back on 


If the client won’t take cookies, you can use URL rewriting as a back 
up. Assuming you do your part correctly, URL rewriting will always 
work — the client won’t care that it’s happening and won’t 
do anything to prevent it. Remember the goal is for the 
client and Container to exchange session ID info. Passing 
cookies back and forth is the simplest way to exchange 
session IDs, but if you can’t put the ID in a cookie, where 
can you put it? URL rewriting takes the session ID that’s in 
the cookie and sticks it right onto the end of every URL that comes 
in to this app. 

Imagine a web page where every link has a little bit of extra info (the 
session ID) tacked onto the end of the URL. When the user clicks 
that “enhanced” link, the request goes to the Container with that 
extra bit on the end, and the Container simply strips off the extra 
part of the request URL and uses it to find the matching session. 


URL + ;i seS 


sionid 55 


1234567 


HTTP/1.1 200 OK 

Content-Length. 39 / 4Q GMT 

Date: Wed, 19 Nov 2003 03.25.4U 
.Server: Apache-Coyote/1.1 

I Connection: close 


We add *bV^c session IP *to tv\A 
of all URLs m WTML v/c 
stv\d katk *m "t^c Response- 


； ref= »http://www.wickedlysmartxom/BeerTest.do ： jsess.on.d=0AAB6C^ 


|<html> 

<body> 

<a 
dick me 

</a> 

</body> 
|</html> 


HTTP Response 


丁 session IP tomes as \ y\(o 
/ sWk -to tv\d oi tiic Request WRL. (T\\t 
心 stnx\Co\oY\ sepava-bov is vcr\do\r-spc^»-fit.) 


Host ： www.wickedlysmart.com 

User-Agent ： Mozilla/5.0 
P ， ain ； q=0 ^ video /x P ^ 

Accept-Language ： en-us,en ； q= 0 .5 ㈣ ' 咖狀视 ㈣ 以严 ㈣ 」 

Accept-Encoding ： gzip,deflate 


HTTP Request 
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URL rewriting 


URL rewriting kicks in ONLY if cookies fail 
and ONLY if you tell the response to encode the URL 


If cookies don’t work, the Container falls back to URL rewriting, but only 
if you’ve done the extra work of encoding all the URLs you send in the 
response. If you want the Container to always default to using cookies first, 
with URL rewriting only as a last resort, you can relax. That’s exactly how it 
works (except for the first time, but we’ll get to that in a moment). But if you 
don’t explicitly encode your URLs, and the client won’t accept cookies, 
you don y t get to use sessions. If you do encode your URLs, the Container 
will first attempt to use cookies for session management, and fall back to URL 
rewriting only if the cookie approach fails. 


public void doGet(HttpServletRequest request, HttpServletResponse response) 


response . setContentType ( 、 'text/html 〃）； 

PrintWriter out = response.getWriter(); 
HttpSession session = request.getSession(); < _ 




throws 


SCSS' 0VX 


工 OException 


out.println(''<html><body >’’）； 

out .println (''<a href=\’’’’ + response • encodeURL (''/BeerTest • do’’) 

out • println (''</body></html>") ; ^ ^ 

|P *to *tW«s URL- 


j\dd c^-tva 


scss»on 


+、'\">click me</a>"); 


o ： 

Wait a minute... how DOES the Container know 
that cookies aren’t working? At what point does the 
Container decide to use URL rewriting? 


JTx A really dumb Container doesn’t care whether cook¬ 
ies work or not — the dumb Container will always attempt 
to send the cookie AND do URL rewriting each time, even 
if cookies are working. But here’s how a decent Container 
handles it: 

When the Container sees a call to getSessionO, and the 
Container didn’t get a session ID with the client’s request, 
the Container now knows that it must attempt to start a 
new session with the client. At this point, the Container 
doesn't know if cookies will work, so with this first response 
back to the client, it tries BOTH cookies and URL rewriting. 

0： 

Why can’t it try cookies first... and do URL rewrit¬ 
ing on the next response if it doesn't get back a cookie? 


X3. Remember, if the Container doesn’t get a session ID 
from the client, the Container won’t even KNOW that this is 
the next request from that client. The Container won’t have 
any way to know that it tried cookies the last time, and 
they didn’t work. Remember, the ONLY way the Container 
can recognize that it has seen this client before is if the 
client sends a session ID! 

So, when the Container sees you call request.getSession(), 
and realizes it needs to start a new session with this client, 
the Container sends the response with both a "Set-Cookie” 
header for the session ID, and the session ID appended to 
the URLs (assuming you used response.encodeURLO). 

Now imagine the next request from this client — it will 
have the session ID appended to the request URL, but if 
the client accepts cookies, the request will ALSO have a 
session ID cookie. When the servlet calls request.getSes- 
sion(), the Container reads the session ID from the request, 
finds the session, and thinks to itself, "This client accepts 
cookies, so I can ignore the response.encodeURLO calls. In 
the response, I’ll send a cookie since I know that works, and 
there’s no need for any URL rewriting, so I won’t bother...” 
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URL rewriting works with sendRedirectO 


You might have a scenario in which you want to redirect the 
request to a different URL, but you still want to use a session. 
There’s a special URL encoding method just for that: 


response. encodeRedirectURL ('' /BeerTest. do ; 






What about all my static HTML pages... they are full of <a 
href> links. How do I do URL rewriting on those static pages? 


蠢 


You can’t! The only way to use URL rewriting is if ALL the 
pages that are part of a session are dynamically-generated! You 
can't hard-code session ID's, obviously, since the ID doesn't exist 
until runtime. So, if you depend on sessions, you need URL rewriting 
as a fall-back strategy. And since you need URL rewriting, you have 
to dynamically generate the URLs in the response HTML! And that 
means you have to process the HTML at runtime. 

Yes, this is a performance issue. So you must think very carefully 
about the places where sessions matter to your app, and whether 
sessions are critical to have or merely good to have. 


o ： 

You said that to use URL rewriting, pages must be 
dynamically-generated, so does this mean I can do it with JSPs? 


蠢 


Yes! You can do URL-rewriting in a JSP, and there’s even a 
simple JSTL tag that makes it easy, <c:URL>, that you’ll see when 
you get to the chapter on using custom tags. 




Is URL rewriting handled in a vendor-specific way? 


蠢 


Yes, URL rewriting is handled in a vendor-specific way. Tom¬ 
cat uses a semicolonto append the extra info to the URL. Another 
vendor might use a comma or something else. And while Tomcat 
adds "jsessionid=” in the rewritten URL, another vendor might ap¬ 
pend only the session ID itself. The point is, whatever the Container 
uses as the separator is recognized by the Container when a request 
comes in. So when the Container sees the separator that it uses (in 
other words, the separator that it added during URL rewriting), it 
knows that everything after that is "extra info” that the Container 
put there. In other words, the Container knows how to recognize 
and parse the extra stuff it (the Container) appended to the URL. 


URL rewriting is automata. 
but only if you encode your 
URLs. YOU have to run all your 
TJHLs a mefliod of the 

response object-encodeTJKL() or 
encodeRedirecfORLO-and the 
Container does everydiing else. 


URL encoding is 
handled by the 
Response! 

Don，t forget that the encodeURL() 
method is something you call on your 
HttpServletResponse object! You don t call 
it on m request, or on your context, or your 
session object. Just remind yourself that 
URL encoding is all about the response. 
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sess/on management 


Don，t be fooled by a request parameter 
^ esS Lid” or a «JSESSION.D« header. 

： ZtVs7oin7s^ 

String sessionID = request. getParameter (''jsessionid^); 

Andy0 u shouidn, see a custom ^jsessionid^eader in a request or response. 

POST /select/selectBeerTaste.do HTTP/1.1 
User-Agent: Mozilla/5.0 

JSESSIONID: 0AAB6C8DE41 5 * Do 灼’七 do |*t’s supposed *to be a headevf 

ln fact , the ONLY place a “jsessionid” belongs is inside a cookie header: 

POST /select/selectBeerTaste.do HTTP/1.1 TWtS ^ T 

MS::—〆 

or appended f the end Qfa URL as “e 耐 nfo”: 〆 

POST /select/selectB 邮 Taste 血 jsessioiiic^AAB^DEM 5__ 


BULLET POINTS - 

■ URL rewriting adds the session ID to the end of all the URLs in the 
HTML that you write to the response. 

■ The session ID then comes back with the request as “extra” info at 
the end of the request URL 

■ URL rewriting will happen automatically if cookies don’t work with 
the client, but you have to explicitly encode all of the URLs you 
write. 

■ To encode a URL, call response.encodeURL(aString). 

out. println (''<a href =/r 〃 

+ response.encodeURL (''/BeerTest .do ’’） 

+ ''、>click me</a >’’）； 

■ There’s no way to get automatic URL rewriting with your static 
pages, so if you depend on sessions, you must use dynamically- 
generated pages. 
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session management 


I REALLY don’t want a 
bunch of stale sessions sitting 
around in my server taking 
up valuable space... 



/ 

(杆 c to 

C ^P^Sioh p^k .； 





Getting rid of sessions 

The client comes in, starts a session, then changes her 
mind and leaves the site. Or the client comes in, starts a 
session, then her browser crashes. Or the client comes in, 
starts a session, and then completes the session by making 
a purchase (shopping cart check-out). Or her computer 
crashes. Whatever. 

The point is, session objects take resources. You don’t 
want sessions to stick around longer than necessary. 
Remember, the HTTP protocol doesn’t have any 
mechanism for the server to know that the client is gone. 
(In distributed application terms, for those of you familiar 
with them — there’s no leasing)* 

But how does the Container (oryou) know when the 
client walked away? How does the Container know when 
the client’s browser crashed? How does the Container 
know when it’s safe to destroy a session? 


FLEX YOUR MIND 

What are strategies you (and the Container) might 
use to manage the number of sessions, and eliminate 
unneeded sessions? What are some possible ways 
in which the Container could tell that a session is no 
longer needed? 

Think about it, then look at the HttpSession API a few 
pages from now for clues. 


*Some distributed apps use leasing as a way for the server to know when 
a client is gone. The client gets a lease from the server, and then must 
renew the lease at specified intervals to tell the server that the client is 
still alive. If the client’s lease expires, the server knows it can destroy any 
resources it was holding for that client. 
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abandoned sessions 


How wc want it to work... 

We’d like the Container to recognize when a session has been 
inactive for too long, and destroy the session. Of course we 
might have to fight the Container over what “too long’’ really 
means. Is 20 minutes too long? An hour? A day? (Maybe there’s 
a way for us to tell the Container what “too long’’ is.) 


① 


Diane selects ''Dark" 
and hits the submit 
button. 



The Container sends the 
request to a new thread of 
the BeerApp servlet. 


The Container makes a new ses¬ 
sion, ID# 343. The M J5E55IONID 〃 
cookie is sent back to Diane in the 
response (not shown). 



Web Container 


② 


Diane vanishes, 
mysteriously. 



The Container does whatever 
Containers do in their spare time 
(although there are probably 
plenty of other clients to service). 




Web Container 


iervletA 


The session started for Diane is still 
sitting there... waiting... abandoned 


\ 

ID# 343 



③ 


Diane doesn’t return. 
Minutes go by... 


The Container checks the state of 
session # 343 and finds that no 
requests have come in with that 
session ID for 20 minutes. 


The Container says, ''20 minutes 
is just too long. Shes not coming 
back/ 1 and destroys the poor, 
abandoned session. 




々 ervletA/ 


丁 Ws \s ^ 




Web Container 
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session management 


The HttpScssioM interface 

All you care about when you call getSession() is that 
you get an instance of a class that implements the 
HttpSession interface. It’s the Container’s job to 
create the implementation. 

Once you have a session, what can you do with it? 

Most of the time ， you，ll use sessions to get and set 
session-scoped attributes. 

But there’s more, of course. See if you can figure out 
some of the key methods for yourself (answers are on 
the next page, so don’t turn the page!) 


cf^^rpen your pencil 


What it does 


«interface» 

y^tt P s essh 

Object g e tAttri bute(St 「 ing) 

,on 3 getCreationTimef) 

String getld() 

bng getLastAcc essedTime() 

,nt 9etMax/nactive/nterva/() 
Serv,e tContextgetServ/eta 
void invalidate() 
bo °/ean isNew() 

void r ^oveAttribute(String) 

______ 

: d _ 咖 _ 咖 _) 

^ a more methods 


sion 


ontext() 


What you’d use it for 


getCreationTimef) 



getLastAccessedTime() 



setMaxlnactivelnterval() 



getMaxlnactivelnterval() 



invalidatef) 
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HttpSession methods 


Key HttpSession methods 

You already know about the methods for attributes 
(getAttribute(), setAttribute(), removeAttribute()), but here 
are a few key ones you might need in your application 
(and that might be on the exam). 


What it does What you’d use it for 


getCreationTimef) 

Returns the time the 
session was first created. 

To find out how old the session is. You might want to restrict 
certain sessions to a fixed length of time. For example, you 
might say, “Once you’ve logged in, you have exactly 10 
minutes to complete this form...” 

getLastAccessedTimef) 

Returns the last time the 
Container got a request 
with this session ID (in 
milliseconds). 

To find out when a client last accessed this session. You 
might use it to decide that if the client’s been gone a long 
time you’ll send them an email asking if they’re coming 
back. Or maybe you'll invalidate() the session. 

setMaxlnactivelnterval() 

Specifies the maximum 
time, in seconds, that you 
want to allow between client 
requests for this session. 

To cause a session to be destroyed after a certain amount 
of time has passed without the client making any requests 
for this session. This is one way to reduce the amount of 
stale sessions sitting in your server. 

getMaxlnactivelnterval() 

Returns the maximum time, 
in seconds, that is allowed 
between client requests for 
this session. 

To find out how long this session can be inactive and still be 
alive. You could use this to judge how much more time an 
inactive client has before the session will be invalidated. 

invalidatef) 

Ends the session. This 
includes unbinding all 
session attributes currently 
stored in this session. (More 
on that later in this chapter.) 

To kill a session if the client has been inactive or if you 

KNOW the session is over (for example, after the client does 
a shopping check-out or logs out). The session instance 
/tee/f might be recycled by the Container, but we don’t care. 
Invalidate means the session ID no longer exists, and the 
attributes are removed from the session object. 



FLEX YOUR MIND 


Now that you’ve seen these methods, 
can you put together a strategy for 
eliminating abandoned sessions? 
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session management 


You can't be serious... does 
this mean that I have to 
keep track of session activity 
and that I have to destroy 
the stale sessions? Can’t the 
Container do that? 


Setting session timeout 



Good news: you don’t have to keep track of this yourself. See those 
methods on the opposite page? You don’t have to use them to get 
rid of stale (inactive) sessions. The Container can do it for you. 

Three ways a session can die: 

y It times out 

>► You call invalidate0 on the session object 

>► The application goes down (crashes or is undeployed) 


① Configuring session timeout in the DD 


Configuring a timeout in the DD has virtually the 
same effect as calling setMaxInactivelntervalQ on 


every session that’s created. 

<web-app ...> 

<servlet> 

參參參 

</servlet> 


<session-config> 



<session-timeout>15</session-timeout 〉 

</session-config> 

</web-app> 


Timeouts in 
the DD are 
in MINUTES! 

Here’s a big inconsistency to 
watch out for... you specify 
timeouts in the DD using 
MINUTES, but if you set a 
timeout programmatically, you 
specify SECONDS! 


( 5 ) Setting session timeout for a specific session 

If you want to change the session-timeout value for 
a particular session instance (without affecting the 
timeout length for any other sessions in the app): 


session.setMaxInactivelnterval(20*60); 


" cihod - 


The *to method is'm sttoY\ds, 

so -this says i-f *thc doesn't make any 

v-c^ucs*ts session -Pov 2-0 minutes, kill i*t . 决 


决 The session, ho 七 -the 


you are here ► 245 






session timeout exercise 


Code Magnets 


Specify in both the DD, and programmatically, that if a ses¬ 
sion does not receive any requests for 20 minutes, it should 
be destroyed. We put one magnet in the servlet for you, to 
get started, and you might not use all magnets. 


DD 



- Servlet 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException 



\ 


0 

getServletContext() 

.getSession ()； 
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BE lire Container 

Each of the two listings represents code 
from a con^iled IfttpServlet Your job is 
to tiling like tire Container and determine 
what will happen when eacK of tiiese 

sepvlets ape invoked twice by 
tire same client. Describe 
what happens tire first and 
second time tire same client 
accesses tire servlet. 



① 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException { 

response . setContentType (''text/html ”）； 

PrintWriter out = response.getWriter(); 

HttpSession session = request.getSession(); 
session . setAttribute (''foo 〃， 'M2 ”）； 
session . setAttribute (''bar” ， 'M20 ”）； 
session.invalidate(); 

String foo = (String) session . get Attribute (''foo^); 
out. print In (''Foo : '' + foo); 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException { 

response . setContentType ( 、 'text/html 〃）； 

PrintWriter out = response.getWriter(); 

HttpSession session = request.getSession(); 
session . setAttribute (''foo 〃，、 '42 〃）； 
session.setMaxInactiveInterval(0); 

String foo = (String) session • getAttribute ( 、 'foo ’’）； 
if (session.isNew()) { 

out. print In (''This is a new session .’’）； 

} else { 

out. print In (''Welcome back !’’）； 


out. print In (''Foo : '' + foo); 
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exercise answers 



Code Magnets 

Answers 


Specify in both the DD, and programmatically, 
that if a session does not receive any requests 
for 20 minutes, it should be destroyed. 


DD 



<session-config> 



<session-timeout> 

20 


MINUTE 



^Tweb^app^ 


- Servlet - 

public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException { 



HttpSession 


request.getSession(); 



setMaxInactivelnterval( 





setSessionTimeout( 



setCreationTime( 


1 



getServletContext().getSession() 
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BE lire Container 
Answers 


① 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException { 

response . setContentType ( 、 'text/html 〃）； 

PrintWriter out = response.getWriter(); 

HttpSession session = request.getSession(); 

session . setAttribute (''foo 〃， 'M2 〃）； 

session • setAttribute (''bar” ，、 '420 〃）； 

session. invalidate () ； ^ v/e mvalidatc session 


String foo = (String)session. getAttribute ( 、 'foo"); 


out. print In (''Foo : '' + foo); 


l-t's WJaic -to tall 

ort i\\t session 

betake session already IS 


Result: a runtime exception (HlegalStateException) is 
thrown because you can’t get an attribute AFTER the 
session becomes invalid. 


m 


valid! 


② 


public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException { 

response . setContentType ( 、 'text/html 〃）； 

PrintWriter out = response.getWriter(); 


HttpSession session = request.getSession(); 
session . setAttribute (''foo 〃， ''42 〃）； 

session. setMaxInactivelnterval (0) ; ^ - / 

String foo = (String) session • getAttribute (''foo ’’）； 


v/cVc C.3iAsnr\^ "tV>c session *to 

七 Wou 七 IMMEPIATElV ，because 
say'm^ w *tWou 七 a*fW 0 
sctoy\ds <^f . 


if ( session.isNew()) 




out. print In (''This is a new session .’’） 
else { 

out. print In (''Welcome back!"); 


out. print In (''Foo : 


foo); 


You t,a\\ is/VcwO Oh a scssioh thats 
f c3d y ^daied. So ii f s ^ally ih c 

ST+r = 仏“。 dc aW .. 

taU th,s method Oh ah ihvalid scssioh. 


Result: a runtime exception (HlegalStateException) is thrown 
because you can’t call isNew() on the session AFTER the session 
becomes invalid. Setting the maximum inactive interval to 0 
means the session times out and is invalidated immediately! 
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custom cookies 


Can I use cookies for other things, or 
arc they only for sessions? 


Although cookies were originally designed to help support 
session state, you can use custom cookies for other things. 
Remember, a cookie is nothing more than a little piece of 
data (a name/value String pair) exchanged between the 
client and server. The server sends the cookie to the client, 
and the client returns the cookie when the client makes 



another request. 

One cool thing about cookies is that the user doesn’t 
have to get involved — the cookie exchange is automatic 
(assuming cookies are enabled on the client, of course). 

By default, a cookie lives only as long as a session; once the 
client quits his browser, the cookie disappears. That’s how 

the “JSESSIONID” cookie works. But you can tell a cookie 
to stay alive even AFTER the browser shuts down. 

That way, your web app can still get the cookie information 
even though the session with that client is long gone. 
Imagine that Kim wants to display the user’s name each 
time he returns to the beer site. So he sets the cookie the 
first time he receives the client’s name, and if he gets the 
cookie back with a request, he knows not to ask for the 
name again. And it doesn’t matter if the user restarted his browser 
and hasn’t been on the site for a week! 



You can use cookies to 
exchange name/value 
String pairs between ^ie 
Server and 也 e client. 

The server sends 也 e 
cookie to ^ie client, and 
也 e client sends it bad 
widi each subsequent 
request. 

Session cookies vanisK 

client’s browser 
guitS, b«t you CM tell 
a cookie to persist on 
ihe client even after 也 e 
browser shirts down. 


User — A no »-»•§■ • A 4 - ■■■ 


HTTP/l.i 


Us er-Agent: Mozilla/5.0 

html;q=o.9,text/plai n ； q= o°8 v ^7 ， T P，ICatl0 ^ 

JPeg,image/gif ;q= o.2 i V * ;q=0 j ^ X ' mn9 - ima ge/png,i mag 

Accept-Lang U age ； en- us ,en ； q =o.5 

ccept-Encoding ： gzip,deflate 


Glicirrt scr\ds 
-this bddk- 
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Using Cookies with the Servlet API 


You can get cookie-related headers out of the HTTP 
request and response, but don’t. Everything you need 
to do with cookies has been encapsulated in the 
Servlet API in three classes: HttpServletRequest, 
HttpServletResponse, and Cookie. 


javax.serv 

getContextPath() 

getCooki^O 

getHeader(String) 
getQueryStringO 
getSession() 

// MANY more 


«interface» 


letRequest 


iriothods.■■ 


《 interface 〉〉 

javax.servlet.http.HttpServletResponse 
addCookief) 

addHeader() 
encodeRedirectURL() 
sendError() 
setStatus() 

II MANY more methods... 


c ookie(String, string) 

String getDomainf) 
int 96tMaxAge() 

String getName() 

String getPath() 
boolean getSecure() 
St 「 in 9 9etValue() 
void setD °main(String) 
void setMaxAgefint) 
void se tPath(String) 

V0ld setv 3lue(String) 

// a few more methods 


Creating a new Cookie 

Cookie cookie = new Cookie (''username", name); 


Setting how long a cookie will live on the client 

cookie.setMaxAge(30*60); 


Sending the cookie to the client 

response.addCookie(cookie); 




Getting the cookie(s) from the client request 


Cookie[ ] cookies = request.getCookies(); 
for (int i = 0; i < cookies.length; i++) { 

Cookie cookie = cookies[i]; 
if (cookie . getName () • equals (''username")) 
String userName = cookie.getValue(); 
out. print In (''Hello '' + userName); 
break; 


二 〆 
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cookie example 


Simple custom cookie example 


So, imagine that Kim wants to put up a form that asks the user to submit his 
name. The form calls a servlet that gets the username request parameter, 
and uses the name value to set a cookie in the response. 

The next time this user makes a request on ANY servlet in this web app, the 
cookie comes back with the request (assuming the cookie is still alive, based 
on the cookie’s maxAge value). When a servlet in the web app sees this 
cookie, it can put the user’s name into the dynamically-generated response, 
and the business logic knows not to ask the user to input his name again. 

This code is a simplified test version of the scenario we just described. 

Servlet that creates and SETS the cookie 

import javax.servlet.*; 
import j avax.servlet.http.*; 
import java.io.*; 

public class CookieTest extends HttpServlet { 

public void doPost(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


response . setContentType (''text/html ”）； 



String name = request. getParameter (''username^) 


; 〆 slated m tV>e U 


Cookie cookie = new Cookie (''username", name); 


; < - a h 


hey/ Cookie 


cookie.setMaxAge(30*60); 


« — 



uscirs 


response.addCookie(cookie); 


\rcspohsc header. 



Let 3 J£P 


RequestDispatcher view = request.getRequestDispatcher(''cookieresuit.j sp^ 
view.forward(request, response); 


JSP to render the view from this servlet 


<htmlxbody> 

<a href= 〃 checkcookie•do〃>click here</a> 
</body></html> 
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Custom cookie example continued... 

Servlet that GETS the cookie 

import j avax.servlet.*; 
import j avax.servlet.http.*; 
import j ava.io.*; 

public class CheckCookie extends HttpServlet { 

public void doGet(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException 


response . setContentType (''text/html ”）； 
PrintWriter out = response.getWriter(); 

Cookie[] cookies = request.getCookies(); 

if ( cookies != null ) { 

for (int i = 0; i < cookies.length; i++) { 

Cookie cookie = cookies[i]; 
if (cookie . getName () • equals (''username ”）） 
String userName = cookie.getValue(); 
out. print In (''Hello '' + userName); 
break; 


^ tooW ' cs 
Jfvom VC*\VACst- 


卜 oop thjrough the dookic av-v-ay 
looking -fo\r a dookic 
usc\fha^c W . l-f is oy\C, act 

七 he v^luc 3hd plrih 七 i 七 . 



: 馳 X:. 

: F or the exam , ^ 0c/s * 

: me moriz e every n d0n t have to 

' f 7 c/ ^s Cookie bu^vo method ^ 

know request ^nH U mUSt 
_hods to 0 Jl l d res Pons e 
You should also 口 如 d Cookies •: 

⑺齡⑽。厂:时 ㈣ 00 如 : 


Don’t confus© Cooki©s 
with headers! 

When you add a header to a response, you pass the name 
and value Strings as arguments: 

response. addHeader(''foo^ ''bar"); 

B 二; T 二 

Cookie constructor. 

Cookie cookie = new Cookxe(^name^ name); 

response.addCookie(cookie); 

And rem ember too, that there’s both a setHeader() and 

a. aSeaderO ^od 

Z7xiSngvalu e e). Butmere^NOTa setCookie() method. 
There’s only an addCookieQ method. 
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session lifecycle moments 


Key milestones for aw HttpSessiow 

Highlights of the important moments in an 
HttpSession object’s life: 


The session is created or destroyed. 




Session attributes are added ， removed ， 
or replaced by other parts of the app. 



The session is passivated in one VM and 
activated in another within a distributed app. 






VMl 


ge , ready -ove ^ 


Container A-l 








254 chapter 6 





























session management 


Session lifecycle Events 

Milestone Event and Listener type 


Lifecycle 

The session was created 

When the Container first creates a session. At this point, the 
session is still considered new (in other words, the client has not 
yet sent a request with the session ID). 


The session was destroyed 

When the Container invalidates a session (because the session 
timed out or some part of the application called the session’s 
invalidate() method). 


HttpSessionEvent 



* 


HttpSessionListener 


Attributes 

An attribute was added 

When some part of the app calls setAttribute() on the session. 

An attribute was removed 

When some part of the app calls remove Attribute () on the session. 

An attribute was replaced 

When some part of the app calls setAttribute() on the session, and 
the name of the attribute has already been bound to the session. 


HttpSessionBindingEvent 



* 


HttpSessionAttributeListener 


Migration 

The session is about to be passivated 

When the Container is about to migrate (move) the session into 
a different VM. Galled before the session moves, so that attributes 
have a chance to prepare themselves for migration. 


The session has been activated 

When the Container has migrated (moved) the session into a 
different VM. Galled before any other part of the app can call 
getAttribute() on the session, so the just-moved attributes have a 
chance to get themselves ready for access. The se 


HttpSessionEvent 





* 


HttpSessionActivationListener 
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HttpSession BindingListener 


Pow't forget about HttpSessioh^indingListener 


The events on the previous page are for key moments in the life of the 
session. But the HttpSessionBindingListener is for key moments in the 
life of a session attribute. Remember from chapter 5 where we looked at 
how you might use this — if, for example, your attribute wants to know 
when it’s added to a session so that it can synchronize itself with an 
underlying database (and update the database when it’s removed from a 
session). Here’s a little review from the previous chapter: 


package com.example; 
import j avax.servlet.http. 







public class Dog implements HttpSessionBindingListener 

private String breed; 


This listener is just so 
that I can find out when I'm put 
into a session (or taken out). It 
won’t tell me anything about 
other session events. 



public Dog(String breed) { 
this.breed=breed; 

} 

public String getBreed() { 

return breed; 




public void valueBound ( HttpSessionBindingEvent event) 

// code to run now that 工 know I'm in a session 




public void valueUnbound(HttpSessionBindingEvent event) { 

// code to run now that 工 know 工 am no longer part of a session 
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Session migration 

Remember from the previous chapter, we talked briefly about distributed web 
apps, where the pieces of the app might be replicated across multiple nodes in 
the network. In a clustered environment, the Container might do load-balancing by 
taking client requests and sending them out to JVMs (which may or may not be on 
different physical boxes, but that doesn’t matter to us). The point is, the app is in 
multiple places. 

That means each time the same client makes a request, the request could end up 
going to a different instance of the same servlet. In other words, request A for Servlet 
A could happen on one VM, and request B for Servlet A could end up on a different 
VM. So the question is, what happens to things like ServletGontext, ServletGonfig, 
and HttpSession objects? 

Simple answer, important implications: 

Only HttpSession objects (and their attributes) move from one VM to another. 

There is one ServletGontext per VM. There is one ServletGonfig per servlet, per VM. 

But there is only one HttpSession object for a given session ID per web app ， 
regardless of how many VM } s the app is distributed across. 



The Peer Web App distributed across two YMs 


VMl 

Beer Web App 


ervlet A 


Servlet B 


Ko*tc ： is duplicated 

\y\ sedo^d scv-vcv- EXCEPT 

■the WttpScssio 灼 

Sessions live \y\ oy\ ly ONE pla^c 
momeyrt. The 

same session \V U 
v/cb app v/ill UBVBR appear 
*t>/o \/Ms a*t same -time. 


HOT 


tt*t*tpScssioir\ is duplicated 

OY\ 


5e^ 




Bsdh scv-vlc*t has i*ts ov/y\ 
Scv-vlc*tCoir\-fij, By\A bo*th 
sc\rvlc*b 仏 c v/cb app 

shd\re d Scv-vlc*tCo^*tc>^t 


VM2 

Beer Web App 
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Session migration in action 

How an app server vendor handles clustering and web app 
distribution varies with each vendor, and there’s no guarantee in 
the J2EE spec that a vendor has to support distributed apps. But the 
picture here gives you a high-level idea of how it works. The key point 
is that while other parts of the app are replicated on each node/VM, 
the session objects are moved. And that is guaranteed. In other words, 
if the vendor does support distributed apps, then the Container is 
required to migrate sessions across VMs. And that includes migrating 
session attributes as well. 


① 


Diane selects ''Pale" 
and hits the submit 


The Load-Balancing server 
decides to send the request 


The Container makes a new session, ID# 
343. The ''J5ES5IONIO" cookie is sent 



② 


Diane selects 、、 Bitter 〃 and 
hits the submit button. 
Her request also includes 


This time, the Load-Balancing The Container gets the request, sees the 
server decides to send the session ID, and realizes that the session 
request to Container A-2 in is on a different VM, VM One! 
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③ 


The session #343 migrates from VM One to 
VM Two. In other words, it no longer exists 
on VM One once it moves to VM Two. 

This migration means the session was 
passivated on VM One, and activated 
on VM Two. 





Load-balancing 

Server/Container 



④ 



The Container makes a new thread for Servlet A, 
and associates the new request with the recently- 
moved session #343. 

Dianes new request is sent to the thread, and 
everybody is happy. Diane has no idea what 
happened (except for the slight delay/latency 
waiting for the session to move). 




Load-balancing 

Server/Container 
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HttpSessionActivationListener 


HttpScssioMActivatiowListcwcr lets attributes 
prepare for the big wove... 

Since it’s possible that an HttpSession can migrate from one VM to 
another, the spec designers thought it would be nice if someone 
bothered to tell the attributes within the session that they, too, 
were about to move. That way the attributes can make sure they’ll 
survive the trip. 


This listener is so that 
as an attribute, I can find out 
when I'm about to be moved to a 
new VM as part of a session, and 
I can make sure my instance 
variables are ready... 


If all your attributes are straightforward Serializable objects that 
don’t care where they end up, you’ll probably never use this listener. 
In fact, we’re guessing 95.324% of all web apps never use this 
listener. But it’s there if you need it, and the most likely use of 
this listener is to give attributes a chance to make their instance 
variables ready for Serialization. 

Session migration and Serialization 

Now it gets a little tricky... 

A Container is required to migrate Serializable attributes (which 
assumes that all instance variables within the attribute are either 
Serializable or null). 



《 interface 〉〉 

HttpSessionActivationListener 


sessionDidActivate(HttpSessionEvent) 
sessionWillPassivate(HttpSessionEvent) 





But a Container is not required to use Serialization as the means javax.servlet.http.HttpSessionActivationListener 

for migrating the HttpSession object! 


What does this mean to you? Simple: make sure your attribute 
class types are Serializable and you never have to worry about it. 
But if they’re not Serializable (which could be because one of the 
attribute object’s instance variables is not Serializable), have your 
attribute object class implement HttpSessionActivationListener 
and use the activation/passivation callbacks to work around it. 



260 chapter 6 








session management 


Listener examples 

Over the next three pages, pay attention to the event object 
types and to whether the listener is also an attribute class. 


Session counter 

This listener lets you keep track of the number of active 
sessions in this web app. Very simple. 


package com.example; 
import javax.servlet.http.*; 


public class BeerSessionCounter implements HttpSessionListener { 


static private int activeSessions; 

public static int getActiveSessions() 
return activeSessions; 


public void sessionCreated(HttpSessionEvent event) 

activeSessions++; 


public void sessionDestroyed (HttpSessionEvent event) 

activeSessions--; 




These methods -take 


ffbtpSessicmEv 伙七 . 



Configuring the listener in the DD 

<web-app ...> 


<listener> 

<listener-class> 

com.example.BeerSessionCounter 
</listener-class> 

</listener> 

</web-app> 


a- lV \ e OVMi.$ 咖如 
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Listener examples 


Attribute Listener 

This listener lets you track each time any attribute is 
added to, removed from, or replaced in a session. 


TW»s 





but 


package com.example; 
import javax.servlet.http. 


public class BeerAttributeListener implements HttpSess LonAttribu teListener { 
public void attributeAdded(HttpSessionSindingEvent event) { 



String name = event.getName(); 
Object value = event.getValue( 


System. out. print In (''Attribute added : '' + name + : '' + value); 

} 

public void attributeRemoved(HttpSessionBindingEvent event) { 

String name = event.getName(); 

Object value = event.getValue(); 

System. out. print In (''Attribute removed : '' + name + : '' + value); 

} 

public void attributeReplaced(HttpSessionBindingEvent event) { 

String name = event.getName(); 

Object value = event.getValue(); 

System. out. print In (''Attribute replaced : '' + name + : '' + value); 


Configuring the listener in the DD 



Hey, what the heck are you printing 
to? Where does System.out go in a web app? 


<web-app ...> 



</web-app> 


<listener> 


</listener-class> 

</listener> 


<listener-class> 


com.example.BeerAttributeListener 


Wherever this Container chooses to 
send it (which may or may not be configurable 
by you). In other words, in a vendor-specific 
place, often a log file. Tomcat puts the output 
in tomcat/logs/catalina.log. You’ll have to read 
your server docs to find out what your Con¬ 
tainer does with standard output. 
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Listener examples 


Attribute class (listening for events that affect IT) 

This listener lets an attribute keep track of events that might be 
important to the attribute itself — when it’s added to or removed from 
a session, and when the session migrates from one VM to another. 


package com.example; 
import javax.servlet.http.*; 
import java.io.*; 


public class Dog implements HttpSessionBinciingListener, 

HttpSessionActivationListener, Serializable { 

private String breed; 

// imagine more instance variables, including 
// some that are not Serializable 


// imagine constructor and other getter/setter methods 

public void valueBound ( HttpSessionBindingEvent event) { 

// code to run now that 工 know I'm in a session 


public void valueUnbound(HttpSessionBindingEvent event) { 

// code to run now that 工 know 工 am no longer part of a session 



Session b’mdmq 


public void sessionWillPassivate (HttpSessionEvent event) 

// code to get my non-Serializable fields in a state 
// that can survive the move to a new VM 


public void sessionDidActivate (HttpSessionEvent event) { 

// code to restore my fields. . . to redo whatever 工 undid 
// in sessionWillPassivate() 


0 

/ Session yfcva 七 i 。 的 

> (bu*t r\o\Att 七 

V methods Sy\ 

)ffbtpSessio 灼 Ewt). 
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Session - related Listeners 


Scenario 

Listener interface/ 
methods 

Event type 

Usually implemented by 

You want to know how 
many concurrent users 
there are. In other words, 
you want to track the active 
sessions. 

HttpSessionListener 

(javax.servlet.http) 

sessionCreated 

sessionDestroyed 

HttpSession Event 

□ An attribute class 

^^^Some other class 

You want to know when a 
session moves from one 

VM to another. 

HttpSessionActivationListener 

(javax.servlet.http) 

sessionDidActivate 
session WillPassivate 

HttpSessionEvent 

An attribute class 

_^Some other class 

You have an attribute class 
(a class for an object that 
will be used as an attribute 
value) and you want objects 
of this type to be notified 
when they are bound to or 
removed from a session. 

HttpSessionBindingListener 

(javax.servlet.http) 

valueBound 

valueUnbound 

HttpSessionBindingEvent 

attribute class 

□ Some other class 

You want to know when 
any session attribute 
is added, removed, or 
replaced in a session. 

HttpSessionAttributeListener 

(javax.servlet.http) 

attribute Added 

attributeRemoved 

attributeReplaced 

HttpSessionBindingEvent 

□ An attribute class 
^f^Some other class 


HttpSessionListener methods take = ttf ^^ld:= S n BindingEvents. 

rceXsel—^ 

Zre was no need for the API to add two more event classes. 
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Session - related Evewt Listeners 
and Evcwt Objects API overview 


〈〈 interface 〉〉 

HttpSessionActivationListener 




A 


sessionDidActivate(HttpSessionEvent) 
session WillPassivate (HttpSessionEvent) 



〈〈 interface 〉〉 

HttpSessionListener 





▲ 


sessionCreated(HttpSessionEvent) 
sessionDestroyed(HttpSessionEvent) 



〈〈 interface 》 

HttpSessionBindingListener 




valueBound(HttpSessionBindingEvent) 

valueUnbound(HttpSessionBindingEvent) 



〈〈 interface 〉〉 

HttpSessionA ttributeListener 




attributeAdded(HttpSessionBindingEvent) 

attributeRemoved(HttpSessionBindingEvent) 

attributeReplaced(HttpSessionBindingEvent) 




HttpSessionEvent 

J 

K 

getSession() 

/ 

\ 


HttpSessionBindingEvent 


getSession() 

getName() 

getValue() 



The rwC*t^od 

of a*t*tvibu*tc 

*tvig5cv-cd *thc 

The jc*t\/alucO rwethod 

objcd*t value of a*t*tv"ibu*tc 
*tvig5cv-cd *thc lVa*kh 
ou 七 ,I 七 *thc old value ； y\o{, 

the new ov\t- o*t^C\r y/o\rds, it 

vc*tu\nr\s value attribute 
had BEFORE i\\t 七 

-tv-igjcv-cd 七 he cy/cr\i! 
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sess/on listeners 


貧 ^^rpen your pencil 


Session-related Listeners 

Yes, this is almost an exact copy of the table from two pages back, 
so don’t go there. Try to think through these listeners and put down 
your best guess. You can expect at least two, and as many as 
four questions on the exam about session listeners. Use both your 
memory and common sense to fill this out. 


Scenario 

Listener interface/ 
methods 

Event type 

Usually implemented by 

You want to know when a 
session is created. 



□ An attribute class 

□ Some other class 

An attribute wants to know 
when it has been moved 
into a new VM. 



□ An attribute class 

□ Some other class 

An attribute wants to know 
when it has been replaced 
in a session. 



□ An attribute class 

□ Some other class 

You want to be notified 
whenever anything is 
bound to a session. 



□ An attribute class 

□ Some other class 
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c 办尹尹在它 


TKoc^ Zxom 6 


Given: 

10. public class MyServlet extends HttpServlet { 


11. 

pu 

12. 

13. 

// 

14. 

// 

15. 

// 

16. 

// 

17. 

} 

18. 

} 


HttpServletResponse response) 
throws IOException , ServletException { 


Which line(s) could be uncommented without causing a compile or runtime error? 
(Choose all that apply.) 


□ A. 

□ B. 

□ G. 

□ D. 

□ E. 

□ F. 


Line 13 only. 

Line 14 only. 

Line 15 only. 

Line 16 only. 

Line 13 or line 15. 
Line 14 or line 16. 


If a client will NOT accept a cookie, which session management mechanism 
could the web container employ? (Choose one.) 

口 A. Cookies, but NOT URL rewriting. 

口 B. URL rewriting, but NOT cookies. 

Q G. Either cookies or URL rewriting can be used. 

Q D. Neither cookies nor URL rewriting can be used. 

□ E. Cookies and URL rewriting must be used together. 
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Which statements about HttpSession objects are true? 
(Choose all that apply.) 

Q A. A session whose timeout period has been set to -1 will 
never expire. 

□ B. A session will become invalid as soon as the user closes 

all browser windows. 

O C. A session will become invalid after a timeout period 
defined by the servlet container. 

□ D. A session may be explicitly invalidated by calling 

HttpSession.invalidateSession(). 



Which of the following are NOT listener event types in the J2EE 1.4 API? 
(Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


HttpSessionEvent 

ServletRequestEvent 

HttpSessionBindingEvent 

HttpSessionAttributeEvent 

ServletContextAttributeEvent 



Which statements about session tracking are true? 


(Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


URL rewriting may be used by a server as the basis for 
session tracking. 

SSL has a built-in mechanism that a servlet container could 
use to obtain data used to define a session. 

When using cookies for session tracking, there is no 
restriction on the name of the session tracking cookie. 

When using cookies for session tracking, the name of the 
session tracking cookie must be JSESSIONID. 

If a user has cookies disabled in their browser, the 
container may choose to use a j avax. servlet. http. 
CookielessHttpSession object to track the user’s session. 
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Given: 

1. import javax.servlet.http.*; 

2. public class MySessionListener 

implements HttpSessionListener { 

3. public void sessionCreated() { 

4 . System, out .prin tin (''Session Created"); 

5. } 

6. public void sessionDestroyed() { 

7 . System, out .prin tin (''Session Destroyed"); 

8 . } 

9. } 

What is wrong with this class? (Choose all that apply.) 

Q A. The method signature on line 3 is NOT correct. 

Q B. The method signature on line 6 is NOT correct. 

Q G. The import statement will NOT import the 

HttpSessionListener interface. 

Q D. sessionCreated and sessionDestroyed are NOT the only 
methods defined by the HttpSessionListener interface. 


Which statements about session attributes are true? (Choose all that apply.) 

Q A. The return type of HttpSession. getAttribute (String) is 
Object. 

Q B. The return type of HttpSession. getAttribute (String) is 
String. 

Q G. Attributes bound into a session are available to any other servlet 

that belongs to the same ServletContext and handles a request 
identified as being part of the same session. 

□ D. Calling setAttribute ( 、 'keyA", ''valueB") on an HttpSession 

which already holds a value for the key keyA will cause an exception 
to be thrown. 

口 E. Calling setAttribute (''keyA", ''valueB") on an HttpSession 

which already holds a value for the key keyA will cause the previous 
value for this attribute to be replaced with the String valueB. 
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8 Which interfaces define a getSession () method? 
(Choose all that apply.) 

□ A. ServletRequest 

Q B. ServletResponse 

Q C. HttpServletRequest 

□ D. HttpServletResponse 



Given a session object s, and the code: 

s • setAttribute (''key", value); 


Which listeners could be notified? (Choose one.) 

Q A. Only HttpSessionListener 

Q B. Only HttpSessionBindingListener 

Q C. Only HttpSessionAttributeListener 

Q D. HttpSessionListener 

and HttpSessionBindingListener 

Q E. HttpSessionListener 

and HttpSessionAttributeListener 

Q F. HttpSessionBindingListener 

and HttpSessionAttributeListener 

O G. All three 



Given that req is an HttpServletRequest, which snippets create a 
session if one doesn’t exist? (Choose all that apply.) 

Q A. req.getSession(); 

Q B. req.getSession(true); 

Q C. req.getSession(false); 

□ D. req.createSession(); 

□ E. req.getNewSession(); 

□ F. req. createSession (true); 

Q G. req.createSession(false); 
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Given a session object s with two attributes named myAttrl and myAttr2, 
which will remove both attributes from this session? (Choose all that apply.) 

□ A. s • removeAllvalues (); 

口 B. s • removeAttribute (''myAttrl"); 
s • removeAttribute ( 、 'myAttr2 "); 

Q G. s . removeAHAttributes (); 

□ D. s • getAttribute (''myAttrl’’ ， UNBIND); 

s • getAttribute ( 、 'myAttr2", UNBIND); 

Q E. s . getAttributeNames (UNBIND); 


12 


Which statements about HttpSession objects in distributed 
environments are true? (Choose all that apply.) 

Q A. When a session is moved from one JVM to another, any 
attributes stored in the session will be lost. 

Q B. When a session is moved from one JVM to another, 

appropriately registered HttpSessionBindingListener 

objects will be notified. 

Q G. When a session is moved from one JVM to 

another, any session attribute implmenting the 

Ht tpSes s ionAc tiva tionLi s tener interface will be notified. 

Q D. When a session is moved from one JVM to another, attribute 
values that implement java. io. Serializable will be 
transferred to the new JVM. 


13 


Which statements about session timeouts are true? 


(Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


Session timeout declarations made in the DD can specify 
time in seconds. 

Session timeout declarations made in the DD can specify 
time in minutes. 

Session timeout declarations made programmatically can 
specify time only in seconds. 

Session timeout declarations made programmatically can 
specify time only in minutes. 

Session timeout declarations made programmatically can 
specify time in either minutes or seconds. 
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Choose the servlet code fragment that would retrieve from the request the value of a cookie named 
14 “ORA—UID ”？ (Choose all that apply.) 

□ A. String value = request • getCookie (' 、 ORA 一 UID"); 

Q B. String value = request .getHeader (' 、 ORA 一 UID"); 

Q C. javax.servlet.http.Cookie[] cookies = 
request.getCookies(); 

String cName = null; 

String value = null; 

if (cookies != null){ 

for (int i = 0; i < cookies. length; i++) { 
cName = cookies [i] . getName (); 
if (cName != null && 

cName. equalsIgnoreCase ( 、 'ORA 一 UID”））{ 
value = cookies[i].getValue(); 


Q D. javax.servlet.http.Cookie[] cookies = 

request.getCookies(); 
if (cookies.length > 0){ 

String value = cookies[0].getValue(); 


15 


Which method(s) can be used to ask the container to notify your application 
whenever a session is about to timeout? (Choose all that apply.) 

Q A. HttpSessionListener.sessionDestroyed 
Q B. HttpSessionBindingListener.valueBound 
Q C. HttpSessionBindingListener.valueUnbound 
Q D. HttpSessionBindingEvent.sessionDestroyed 
□ E. HttpSessionAttributeListener.attributeRemoved 
Q F. HttpSessionActivationListener.sessionWillPassivate 
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How would you use the HttpServletResponse object in a servlet to add a cookie to the client? 

ID Q A. <context-param> 

<param-name>myCookie</param-name> 

<par am-value>cookieValue< / par am-value> 

</context-param> 

Q B. response • addCookie (''myCookie", "cookieValue"); 

Q C. javax.servlet.http.Cookie newCook = 

new j avax. servlet. http. Cookie ( 、 'myCookie 〃，〃 cookieValue 〃）； 
II ...set other Cookie properties 
response.addCookie(newCook); 

Q D. javax.servlet.http.Cookie[] cookies = request.getCookies(); 
String cname = null; 
if (cookies != null){ 

for (int i = 0; i < cookies.length; i++) { 
cName = cookies [i] • getName (); 
if (cName != null && 

cName. equalsIgnoreCase ( 、 'myCookie〃））{ 
out.println ( cName + '' : '' + cookies [i] . getValue (); 


V 


Given: 

13. public class ServletX extends HttpServlet { 


14. 
resp) 

15. 

16. 

17. 

18. 

19. 

20 . 


public void doGet(HttpServletRequest req, HttpServletResponse 


throws IOException, ServletException { 
HttpSession sess = new HttpSession(req); 
sess.setAttribute("attrl", "value"); 
sess.invalidate(); 

String s = sess.getAttribute("attrl"); 


21 . } 


What is the result? (Choose all that apply.) 

Q A. Compilation fails 
口 B. The value of s is null 
Q G. The value of s is "value" 

Q D. An IOException is thrown 
Q E. A ServletException is thrown 
Q F. An IllegalStateException is thrown 
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Given: 

10. public class MyServlet extends HttpServlet { 


HttpServletResponse response) 
throws IOException , ServletException { 


(Soviet ^ ?• ^ 


11. 

pu 

12. 

13. 

// 

14. 

// 

15. 

// 

16. 

// 

17. 

} 

18. 

} 


Which line(s) could be uncommented without causing a compile or runtime error? 
(Choose all that apply.) 


□ A. 

□ B. 

□ G. 

□ D. 

E 

□ F. 


Line 13 only. 

Line 14 only. 

Line 15 only. 

Line 16 only. 

Line 13 or line 15. 
Line 14 or line 16. 


-Option £ is Corrtti because both I'mcs \l a^d 
1*5 make the dovvedt method d.all The ^ast to 

HUfScssioh is NOT hCdcssa\ry, but it docs rtWtCt 
the Corrtti -type, SO it is valid. 





-Option B is because 

dookies CANNOT be used, but 




If a client will NOT accept a cookie, which session management mechanism 
could the web container employ? (Choose one.) 

口 A. Cookies, but NOT URL rewriting. 

B. URL rewriting, but NOT cookies. 

口 G. Either cookies or URL rewriting can be used. URL docs HOT defend 

□ D. Neither cookies nor URL rewriting can be used. 0 於 ^°°^ ,cs enabled- 

Q E. Cookies and URL rewriting must be used together. 
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Which statements about HttpSession objects are true? 
(Choose all that apply.) 


or A. A session whose timeout period has been set to -1 


□ B. 

^ G. 

□ D. 


will never expire. 

A session will become invalid as soon as the user 
closes all browser windows. 

A session will become invalid after a timeout period 
defined by the servlet container. 

A session may be explicitly invalidated by calling 

HttpSession.invalidateSession(). 




3 *»s \Uo>r>rtci because 

s-.^al m tv>c rtTTP poW. 


-Op*tioh D is ihdovwt because 
■the method should be used is 
dalled mvalida*tcO. 


Which of the following are NOT listener event types in the J2EE 1.4 API? (API) 
(Choose all that apply.) 


□A. HttpSessionEvent 
Q B. ServletRequestEvent 
Q G. HttpSessionBindingEvent 
13 D. HttpSessionAttributeEvent 
口 E. ServletContextAttributeEvent 


一 rtttfSessio 灼 Bmd’ … 灼 *U ave used 

both H*t*tfScssiohB*mdm^Lis*tc^C\rs AND 
H*t*tfScssio^A't*tv"ibu*tcLis*tc^CV-s. 


Which statements about session tracking are true? 


(Choose all that apply.) 

bd A. URL rewriting may be used by a server as the basis for 


^ B. 


session tracking. 

SSL has a built-in mechanism that a servlet container could 
use to obtain data used to define a session. 


□ G. 

2f D. 

□ E. 


When using cookies for session tracking, there is no 
restriction on the name of the session tracking cookie. 

When using cookies for session tracking, the name of the 
session tracking cookie must be JSESSIONID. 

If a user has cookies disabled in their browser, the 
container may choose to use a j avax. servlet. http. 


CookielessHttpSession object to track the user’s 


session. 




-Of*bior> C is *mdon-cd*b because 

-the spc6i-fida*bior> did*t3*tcs *bha*b 
-the session tvadkma dookic 

must be JSESSIOMP. 


-Option £ is mdo\r\rcd*t 
because theve is y\o 
sudh dlass. 
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Given: 


(Servlet ^ ?* ^ 


2 

3 

4 

5 

6 

7 

8 
9 


import javax.servlet.http.*; 
public class MySessionListener 

implements HttpSessionListener { 
public void sessionCreated() { 

System, out .printin (''Session Created"); 

} 

public void sessionDestroyed() { 

System, out .printin (''Session Destroyed"); 


What is wrong with this class? (Choose all that apply.) 




-Oftiohs A a^d B arc co^td 
because these methods should 
have av\ H-t-tfScssio^Evc^t 
pav-ametev*. 


A. The method signature on line 3 is NOT correct. 

B. The method signature on line 6 is NOT correct. 

Q G. The import statement will NOT import the 

HttpSessionListener interface. 

Q D. sessionCreated and sessionDestroyed are NOT the only 

methods defined by the HttpSessionListener interface. - or> D is beddusf 

tlicsc avc the ohly -two methods 


一 Option C is *mdov\rcd*t 

because the listc^cv is dc-Pmcd 
•m impoirted 


… this ih*tc\r-Padc. 


7 


Which statements about session attributes are true? (Choose all that apply.) 


1^ A. The return type of HttpSession. getAttribute (String) is 
Object. 


□ B. 
^ G. 


The return type of HttpSession. getAttribute (String) is 
String. 

Attributes bound into a session are available to any other servlet 




B \Uor>rtti 

because 

IS Object* 


□ D. 
^ E. 


that belongs to the same ServletContext and handles a request 
identified as being part of the same session. 

Calling setAttribute ( 、 'keyA" , ''valueB") on an HttpSession 

which already holds a value for the key keyA will cause an exception 
to be thrown. 


-Optioh D is ihdovre^t 
bcdausc -this dal I will simply 
^cpladc the cxistmj value. 


Calling setAttribute (''keyA" , ''valueB") on an HttpSession 

which already holds a value for the key keyA will cause the previous 
value for this attribute to be replaced with the String valueB. 
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Which interfaces define a getSession () method? 
(Choose all that apply.) 

□ A. ServletRequest 
Q B. ServletResponse 
^ G. HttpServletRequest 

□ D. HttpServletResponse 


(Soviet ^ ^ 


Given a session object s, and the code: 

s • setAttribute (''key", value); 


(Soviet ^ ® 0) 


Which listeners could be notified? (Choose one.) 

口 A. Only HttpSessionListener 

Q B. Only HttpSessionBindingListener 

Q C. Only HttpSessionAttributeListener 

□ D. HttpSessionListener 

and HttpSessionBindingListener 

口 E. HttpSessionListener 

and HttpSessionAttributeListener 

F. HttpSessionBindingListener 

and HttpSessionAttributeListener 

O G. All three 




-Option F is torYtci because 
rt*t*tfScssiohA"t*tv"ibu*tcLis*tc^cv is hotHncd 
tiw'C atVikutc is ddded ^r\A xhc 
value ob\cd*t >will also be i-V it 


Given that req is an HttpServletRequest, which snippets create a 


session if one doesn’t exist? (Choose all that apply.) 


^ A. 
^ B. 

□ G. 

□ D. 

□ E. 

□ F. 

□ G. 


req.getSession(); 
req.getSession(true); 
req.getSession(false); 
req.createSession(); 
req.getNewSession(); 
req.createSession(true); 
req.createSession(false); 


-Options /\ B v/ill eddh 
dveate 3 hew session i-P ov\t 
docs^-t gctScssiohf-falsc) 
VC*tu\ThS a hull i-P *thc session 
doesn't C^ist 


(API) 
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Given a session object s with two attributes named myAttrl and myAttr2, 
which will remove both attributes from this session? (Choose all that apply.) 


(API) 


□ 

A. 


B. 

□ 

G. 

□ 

D. 

□ 

E. 


s _ removeAllvalues (); 

s • removeAttribute (''myAttrl"); 
s • removeAttribute ( 、 'myAttr2 "); 

s • removeAHAttributes (); 

s . getAttribute (''myAttrl’’ ， UNBIND); 
s • getAttribute ( 、 'myAttr2", UNBIND); 

s • getAttributeNames (UNBIND); 


-Option B is dov-rcdt 
V-CmOVcA*t*tv"ibu*tc0 is the Oir\ly 
v^ay bo v-emove attv-ibutes Wor^ 
d session >*t removes 

or\ly ov\t attribute at a 七你匕 


12 


Which statements about HttpSession objects in distributed 
environments are true? (Choose all that apply.) 

Q A. When a session is moved from one JVM to another, any 
attributes stored in the session will be lost. 


^ h0) 

—is 

se\ridliz3ble attributes 』 be 

*tva 灼 “ ^\r\red. 


Q B. When a session is moved from one JVM to another, appropriately 
registered HttpSessionBindingListener objects will be 
notified. 

G. When a session is moved from one JVM to another, any session 
attribute implmenting the HttpSessionActivationListener 

. interface will be notified. 

21 D. When a session is moved from one JVM to another, attribute 
values that implement java. io. Serializable will be 
transferred to the new JVM. 


-Optioh B is ihdo\r\rcd*t 
sihde a*tbribu*tes \rema'm 
bouhd b> *thc sessioh. 


13 


Which statements about session timeouts are true? 


(Choose all that apply.) 


□ A. 

q/ b. 

^ G. 

□ D. 

□ E. 


Session timeout declarations made in the DD can specify 
time in seconds. 

Session timeout declarations made in the DD can specify 
time in minutes. 

Session timeout declarations made programmatically can 
specify time only in seconds. 

Session timeout declarations made programmatically can 
specify time only in minutes. 

Session timeout declarations made programmatically can 
specify time in either minutes or seconds. 


(API) 


-|h *thc W, usm^ *thc 
<sessioh —* tirweou*b> Ohly 

m'muies £.ar\ be spedi-fied, usmj 
Httf Sessions 

sc*tMax.|vc Ir>*tcv-val () oi^ly 
seconds car\ be spedi-fied. 
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Choose the servlet code fragment that would retrieve from the request the value 
14 0 f a cookie named “ORA_UID ”？ (Choose all that apply.) 


(API) 


□ A. 

□/B. 

a c. 


String value = request • getCookie (' 、 ORA 一 UID"); 

String value = request .getHeader (' 、 ORA 一 UID"); 

javax.servlet.http.Cookie[] cookies = 
request.getCookies(); 

String cName = null; 

String value = null; 
if (cookies != null){ 

for (int i = 0; i < cookies. length; i++) { 
cName = cookies [i] . getName (); 
if (cName != null && 

cName. equalsIgnoreCase ( 、 'ORA 一 UID")) { 
value = cookies[i].getValue(); 


一 Option v-c-fcv-s -to a 

method that docs^-b 


一 C — a Cook\c 


Q D. javax.servlet.http.Cookie[] cookies = 

request.getCookies(); 
if (cookies.length > 0){ 

String value = cookies[0]•getValue() 


- Option P o^ly looks at the 
Cookie m 七 he 3vvay- 


15 


(API) 

Which method(s) can be used to ask the container to notify your application 
whenever a session is about to timeout? (Choose all that apply.) 

A. HttpSessionListener. sessionDestroyed -Option C : 七 his is kmd \rour>d-abou*t, 

HttpSessionBindingListener. valueBound bu*t i*f you have a 於 attv-ibuie dlass this is 

o u/3V ho be a x-i^coux* 

HttpSessionBindingListener.valueUnbound • 

HttpSessionBindingEvent . sessionDestroyed 一 P : ⑽ 

—0p*t»or> vcw'ov'm^ ar> atbribu 七 e 
isr/ 七 七吵七 ly assodiated 如 七 h a 

HttpSessionActivationListener. sessionWillPassivate €SSK> 灼 七加 eou 七 



□ 

□ 

□ 


B. 

G. 

D. 

E. 

F. 


HttpSessionAttributeListener. attributeRemoved 


一 ^ ^ IOh F scssioh passivatioh is 
d'+tcvch-t than session iimeout. 
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How would you use the HttpServletResponse object in a servlet to add a cookie to the 
client? 


(API) 


□ A. 


□ B. 
^ G. 


<context-param> 

<param-name>myCookie</param-name> 

<par am-value>cookieValue< / par am-value> 

</context-param> 

response. addCookie ( 、 'myCookie〃，〃cookieValue 

javax.servlet.http.Cookie newCook = 

new j avax. servlet. http. Cookie ( 、 'myCookie 〃，〃 cookieValue 〃）； 
II ...set other Cookie properties 
response.addCookie(newCook); 




Q D. javax.servlet.http.Cookie[] cookies = request.getCookies(); 
String cname = null; 
if (cookies != null){ 

for (int i = 0; i < cookies.length; i++) { 
cName = cookies [i] . getName (); 
if (cName != null && 

cName. equalsIgnoreCase (''myCookie")) { 
out.println ( cName + '、： '、+ cookies [i] . getValue (); 

} -Optioh P is hot do\r\rcd*t because i*t 

} shows scvvlci todt v-ctv-icvihj, hoi 

} a Cookie- 


V 


Given: 


(API) 


13. public class ServletX extends HttpServlet { 


14. 
resp) 

15. 

16. 

17. 

18. 

19. 

20 . 


public void doGet(HttpServletRequest req, HttpServletResponse 

throws IOException, ServletException { 

HttpSession sess = new HttpSession(req); 
sess.setAttribute("attrl", "value"); 
sess.invalidate(); 

String s = sess.getAttribute("attrl"); 


What is the result? (Choose all that apply.) 

^ A. Compilation fails - 外 W AU “ Vou object 

□ B. The value of s is null by ㈣ ，收 sW). 

□ G. The value of s is ’’value” 

Q D. An IOException is thrown 
Q E. A ServletException is thrown 

Q F. An IllegalStateException is thrown 
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Being a JSP 



A JSP becomes a servlet. A servlet that you don't create. The 
Container looks at your JSP, translates it into Java source code, and compiles 
it into a full-fledged Java servlet class. But you’ve got to know what happens 
when the code you write in the JSP is turned into Java code. You can write Java 
code in your JSP, but should you? And if you don’t write Java code, then what 
do you write? How does it translate into Java code? In this chapter, we’ll look at 
six different kinds of JSP elements — each with its own purpose and, yes, unique 
syntax. You’ll learn how, why, and what to write in your JSP. Perhaps more 
importantly, you’ll learn what not to write in your JSP. 


this is a new chapter 
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The JSP Technology Model 


Coverage Notes: 


6.1 Identify, describe, or write JSP code for the following 
elements: (a) template text, (b) scripting elements 
(comments, directives, declarations, scriptlets, and 
expressions), (c) standard and custom actions, and (d) 
expression language elements. 


Most is covered in this chapter, but the 
details behind (c) standard and custom 
actions, and (d) expression language 
elements are covered in later chapters. 


6.2 Write JSP code that uses the directives： (a) page (with The page directive is covered in this chapter, 

attributes import, session, COntentType, and isELIgnored), but include and taglib are covered in later 

(b) include, and (c) taglib. chapters. 


6.3 Write a JSP Document (XML-based document) that uses 
the correct syntax. 


Not covered here; refer to the chapter on 
Deployment. 


6-4 Describe the purpose and event sequence of the JSP 
page lifecycle: (1) JSP page translation, (2) JSP page 
compilation, (3) load class, (4) create instance, (5) call the 
jsplnit method, (6) call the JspService method, and (7) call 
the jspDestroy method. 


All covered in this chapter. (Hint: these will 
be some of the most no-brainer questions 
on the real exam, once you’ve learned the 
fundamentals in this chapter.) 


6.5 Given a design goal, write JSP code using the appropriate 
implicit objects: (a) request, (b) response, (c) out, 

(d) session, (e) config, (f) application, (g) page, (h) 
pageContext, and (i) exception. 


All covered in this chapter, although you’re 
expected to already know what most of them 
mean based on the previous two chapters. 


6-6 Configure the deployment descriptor to declare one or We cover everything here except declaring tag 

more tag libraries, deactivate the evaluation language, and libraries. That’s covered in the chapter on 
deactivate the scripting language. Using JSTL. 


6-7 Given a specific design goal for including a JSP segment 淑 covered here ； refer to the next chapter 

in another page, write the JSP code that uses the most (Scriptless JSPs). 

appropriate inclusion mechanism (the include directive or 
the jsp:include standard action). 
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Iw the cwd, a JSpisjusta servlet 

Your JSP eventually becomes a full-fledged servlet running in your 
web app. It’s a lot like any other servlet, except that the servlet class 
is written for you — by the Container. 

The Container takes what you’ve written in your JSP, translates it 
into a servlet class source (.java) file, then compiles that into a Java 
servlet class. After that, it’s just servlets all the way down, and the 
servlet runs in exactly the same way it would if you’d written and 
compiled the code yourself. In other words, the Container loads the 
servlet class, instantiates and initializes it, makes a separate thread 
for each request, and calls the servlet’s serviceQ method. 


The most important point for 
this chapter is simply ： what 
role does your JSP code play 
in the final servlet class. 

In other words, where do 
the elements in the JSP end 
up in the source code of the 
generated servlet? 





Some of the questions we’ll answer in this chapter include: 

^ Where does each part of your JSP file end up in the servlet source 
code? 


^ Do you have access to the “servletness” of your JSP page? 

For example, does a JSP have a concept of a ServletGonfig or 
ServletGontext? 

^ What are the types of elements you can put in a JSP? 

^ What’s the syntax for the different elements in a JSP? 

^ What’s the lifecycle of a JSP, and can you step into the middle of it? 
^ How do the different elements in a JSP interact in the final servlet? 
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making a JSP 


Makmg a JSP that displays how 
many times it's been accessed 


Pauline wants to use JSPs in her web apps — she’s really sick of 
writing HTML into a servlet’s PrintWriter println(). 

She decides to learn JSPs by making a simple dynamic page that 
prints the number of times the page has been requested. She 
understands that you can put regular old Java code in a JSP using 
a scriptlet — which just means Java code within a <% ... %> tag. 





BasicCounter.jsp 


<html> 

<body> 

The page count is : 


<% 


out.println(Counter.getCount()); 
%> ^\^ 

遂心 ㈣ 。'一 . 


Counter, java 

package foo; 

public class Counter { 

private static int count; 

public static synchronized int getCount() 
count++; 
return count; 

} 

} p\a*m old 

6 ' ass * 
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She deploys and tests it 

It’s trivial to deploy and test. The only tricky part is making 
sure that the Counter class is available to the JSP, and that’s 
easy — just be sure the Counter class is in the WEB-INF/ 
classes directory of the web app. She accesses the JSP directly 
in the browser at ： http://localhost:8080/testJSP1/BasicCounter.jsp 


What she expected: 




testJSPI 


B-INF 


web.xml 


BasicCounterJsp 


"this web 


^oo*t 




0010 

0001 

1100 

1001 

0001 

0011 

0101 

0110 


Pu*t fa 乙 kay 匕 Counter.class 

6ldss -Vile 


_ 一 II 




d»v"c^*tov"Y) pav 七 

Jr tv^is y/cb w'»ll be 


able -to see *»*t* 


R ° ° 

< O c 十 • • http ://localhost:8080/testJSP1/BasicCounter.jsp 

7 • cv 


The page count is: 1 


- J 


What she got: 


S 3 


•’ http://localhost:8080/testJSP1/BasicCounter.jsp 


HTTP Status 500 



The server encountered an internal error () that prevented it from fulfilling this request. 
- org.apache.jasper.JasperException: Unable to compile class for JSP 


exception 


An error occurred at line: 1 in the jsp file: /BasicCounter.jsp 
Generated servlet error: 

[javac] Compiling 1 source file 

/Users/kathy/Applications2/jakarta-tomcat-5.0.19/work/Catalina/localhost/testJSP1/org/ 
apache/jsp/BasicCounterjsp.java:45: cannot resolve symbol 
symbol : variable Counter 

location: class org.apache.jsp.basicCounterjsp , 

out.print( Counter.getCount()); ^ ou*t s 


Ca^ ^ 


error 


org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:127) 

org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:351) 

org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:415) 

org.apache.jasper.compiler.Compiler.compile(Compiler.java:458) 

org.apache.jasper.compiler.Compiler.compile(Compiler.java:439) 

org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:553) 

org.apache.jasper.servlet 」 spServletWrapper.service(JspServletWrapper.java:291) 

org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) 

org.apache.jasper.servlet 」 spServlet.service(JspServlet.java:248) 

javax.servlet.http.HttpServlet.service(HttpServlet.java:856) 
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page directive import attribute 


The JSP docsw't rccogwizcthc Counter class 

The Counter class is in the foo package, but there’s nothing in the JSP 
to acknowledge that. It’s the same thing that happens to you with any 
other Java code, and you know the rule: import the package or use the 
fully-qualified class name in your code. 


I guess you have to use the 
fully-qualified class name inside 
JSPs. That makes sense, since 
all JSPs are turned into plain old Java 
servlet code by the Container. But 
I sure wish you could put imports 
into your JSP code... 



Counter.java 

package foo; 

public class Counter { 

private static int count; 
public static int getCount() { 

count++; 
return count; 


JSP code was: 

<% out.println (Counter . getCount () ) ; %> 


JSP code should be: 

<% out. println ( foo . Counter . getCount ()); 



%> 
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But you CAN put 
import statements in 
a JSP... you just need 
a directive. 



Use the page directive to import packages 

A directive is a way for you to give special instructions to the Container 
at page translation time. Directives come in three flavors: page, include, 
and taglib. We’ll look at the include and taglib directives in later 
chapters, but for now all we care about is the page directive, because it’s 
the one that lets you import. 


To import a single package: 


<%@ page import= 〃 foo• %> 

<html> 

<body> 

The page count is: 

<% 


^_ 一 TV^'is a 4 

a 灼 iwpov 七 a 七七 6 ^七匕 
(No 七以 

a 七七 k ⑼ d d a a^twc ) 


out.println(Counter.getCount()); 


%> 

</body> 

</html> 



㈣ 心。 


iUs t Chd 


lh a scnr»i^ 0 | 0h / 


To import multiple packages: 


<%@ page import=^foo. java.util. %> 


却， 


Use a 

T\\t <\uo*tcs 50 a 


Notice what’s different between the Java code that prints the counter 
and the page directive? 

The Java code is between angle brackets with percent signs: <% and 
%>. But the directive adds an additional character to the start of the 
element — the @ sign! 

¥ y° u see JSP code that starts with <°/o@, you know it’s a directive. (We’ll get 
into more details about the page directive later in the book.) 
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using expressions 


Put then Kim mentions Expressions" 

Just when you thought it was safe, Kim notices the scriptlet 
with an out.println() statement. This is JSP, folks. Part of the 
whole point of JSP is to avoid println()! That’s why there’s a 
JSP expression element — it automatically prints out whatever 
you put between the tags. 



Scriptlet code: 

<%@ page import= : ’’foo. %> 

<html> 

<body> 

The page count is: 

<% out.println(Counter.getCount()); %> 

</body> 

</html> 


Expression code: 


<%@ page import=’’foo. %> 

<html> 

<body> 

The page count is now : 


<%= Counter.getCount() %> 

</body> 


</html> 


J\\t excess ’ 1 。 灼 is s 




I vv^ ^ ^ - 

do 七 … 


Notice what’s different between the tag for the scriptlet 
code and the tag for the expression? The scriptlet code is 
between angle brackets with percent signs: <% and %>. 
But the expression adds an additional character to the start 
of the element — an equals sign (=). 


So far we’ve seen three different JSP element types: 


Scriptlet: 

Directive: 

Expression: 


<% %> 

<%@ %> 

<%= %> 
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HELLO! If you're gonna tell us 
how to improve our code, you 
could AT LEAST get the Java syntax 
right... there's no frickin* semicolon 
at the end of that expression! 


\A/V>cvc 






<%= Counter.getCount() %> 



Expressions become the argument 
to aw out.prmtO 

In other words, the Container takes everything you type between 
the <%= and %> and puts it in as the argument to a 
statement that prints to the implicit response PrintWriter out. 

When the Container sees this: 

<%= Counter.getCount() %> 

It turns it into this: 

out.print(Counter.getCount()); 


If you did put a semicolon in your expression: 


<%= Counter.getCount ()； %> 


That would be bad. It would mean this: 

out.print(Counter.getCount();); 


^ Yikcs|! TWis Will 




NEVER end an expression with a semicolon! 

<%= neverPutASemicolonlnHere %> 
<%= becauseThislsAnArgumentToPrint() %> 
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expressions and page directive 

^iierei£irejiP 

Dumb Questions 

o ： 

Well, if you're supposed to use expressions 
INSTEAD of putting out.println() into a scriptlet, 
then why is the implicit "out 〃 there? 


You probably won’t use the implicit out 
variable from within your JSP page, but you might 
pass it to something else... some other object that’s 
part of your app that does not have direct access to 
the output stream for the response. 

In an expression, what happens if the 
method doesn't return anything? 

A I 

XX You'll get an error!! You cannot, MUST 
NOT use a method with a void return type as an 
expression. The Container is smart enough to figure 
out that there won't be anything to print if the 
method has a void return type! 

0： 

Why does the import directive start with 
the word "page"? Why is it <%@ page import …％> 
instead of just <%@ import... %>. 

A • 

Good question! Rather than having a whole 
big pile of different directives, the JSP spec has just 
three JSP directives, but the directives can have 
attributes. What you called "the import directive” is 
actually "the import attribute of the page directive”. 

0： 

What are the other attributes for the page 
directive? 

A I 

Remember, the page directive is about 
giving the Container information it needs when 
translating your JSP into a servlet. The attributes we 
care about (besides import) are session, content- 
Type, and isELIgnored (we’ll come back to these 
later in the chapter). 



Decide which of the following expressions are and 
are not valid, and why. We haven’t covered every 
example here, so make your best guess based 
on what you know about how expressions work. 
(Answers are later in this chapter so do this NOW.) 


Valid? (Check if valid, and if not, explain why not.) 


□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 

□ 


<%= 27 %> 


<%= ((Math.random() + 5)*2); %> 

<%= “27” %> 


<%= Math.random() %> 

<%= String s = “foo” %> 

<%= new String[3] %> 

<% = 42 氺 20 %> 


<%= 5 > 3 %> 


<%= false %> 


<%= new GounterQ %> 
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Kim drops the final bombshell... 




<html> 

<body> 

<% int count=0; 
The page count is 



<%= ++count %> 

</body> 

</html> 


Will it compile? 
Will it work? 


%> 
now : 
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scriptlet variables 


Peclarmg a variable m a scriptlet 

The variable declaration is legal, but it didn’t quite work 
the way Pauline hoped. 


What she tried: 

〈触〉如. 




<body> 

<% int count=0; %> 
The page count is now : 


Pcdlavc vav，,a ' D ' c， 


c^vcss\oy\ 




<%= ++count %> 


</body> 

</html> 



ih e 6o[Ahi 

^ ihc value. 


What she got the first time she hit the page: 



What she got the second ， third，and every other 
time she hit the page: 



http://localhost:8080/testJSP1/BasicCounter.jsp 


The page count is: 1 


It kcc\>s vav、aWc 
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What REALLY happens to your JSP code? 

You write a JSP, but it becomes a servlet. The only way to really tell 
what’s happening is to look at what the Container does to your JSP 
code. In other words, how does the Container translate your JSP into 
a servlet? 

Once you know where different JSP elements land in the servlet’s 
class file, you’ll find it much easier to know how to structure your JSP. 

The servlet code on this page is not the real code generated by 
the Container — we simplified it down to the essential parts. The 
Container-generated servlet file is, well, uglier. The real generated 
servlet source code is slightly harder to read, but we will look at the 
real thing in a few pages. For now, though, all we care about is where 
in the servlet class our JSP code actually ends up. 


This JSP： 


Becomes this servlet ： 


public class basicCounter_j sp extends SomeSpecialHttpServlet { 


public void _jspService(HttpServletRequest request, 

HttpServletResponse response)throws java•io •工 OException, 

ServletException { 


<htmlxbody> - y 

<% int count=0; %>- ^ 

The page count is now :-^ 

<%= + + count %> - ► 

</body></html> - 


PrintWriter out = response.getWriter(); 
response . setContentType (''text/html 〃）； 
out.write(''<html><body>"); 

int count=0; 


out. write (''The page count is now:’’) 

out.print( ++count ); 

out. write ( 、 '</body></html>"); 




a 

as 


ALL scriptlet and expression code 
lands in a service method. 

That means variables declared in a 
scriptlet are always LOCAL variables! 


No*tc ： i-f you *to see ihc scv-vlc*t todt -fvom 7omda*t ； look'm 

youvTomda*bttomePijr/v/o\rk/ / YouvSewevKame/You\rWeb/\ppK3^c/ov^/apa 匕 hc/jsp. 

(The u^dev-l'medl will oy\ you\r system Br\d youv web app ) 
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JSP declarations 


Dont tell me—there 
must be another kind of 
JSP element for declaring 
instance variables instead 
of local variables... 



Wc need another JSP element... 

Declaring the count variable in a scriptlet meant that the 
variable was reinitialized each time the service method ran. 
Which means it was reset to 0 with each request. We 

need to somehow make count an instance variable. 

So far we’ve looked at directives, scriptlets, and expressions. 
Directives are for special instructions to the Container, 
scriptlets are just plain old Java that lands as-is within 
the generated servlet’s service method, and the result of 
an expression always becomes the argument to a print() 
method. 

But there’s another JSP element called a declaration. 


1 d-rtev t 


JSP declarations are for declaring members of the 
generated servlet class. That means both variables and 
methods! In other words, anything between the <%! and 
%> tag is added to the class outside the service method. 
That means you can declare both static variables and 
methods. 
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JSP declarations 


A JSP declaration is always defined inside the class but outside the service (or 
any other) method. It’s that simple — declarations are for static and instance 
variables and methods. (In theory, yes, you could define other members 
including inner classes, but 99.9999% of the time you’ll use declarations for 
methods and variables.) The code below solves Pauline’s problem; now the 
counter keeps incrementing each time a client requests the page. 

Variable Declaration 

Tfiis JSP: Becomes this servlet: 

public class basicCounter_j sp extends SomeSpecialHttpServlet { 


<htmlxbody> 



<%= ++count %> 
</body></html> 


int count=0; 

public void _jspService(HttpServletRequest request, 

HttpServletResponse response)throws java•io • 工 OException 

PrintWriter out = response.getWriter(); 

response. setContentType ( 、 'text/html 〃）； 

out.write(''<html><body >’’）； 

out. write (''The page count is now :’’）； 

out.print( ++count ); ^~^ 

out .write (''</body></html>") ; . i. - mj^Vc 

oJf a \o6a\ 肅、 脉 . 


Method Declaration 

Tfiis JSP: Becomes this servlet: 


<html> 

<body> 

<% ! int doubleCount() { 
count = count*2; 
return count; 

} 

%> 

<% ! int count 二 1/ %> 

The page count is now : 

<%= doubleCount() %> 
</body> 

</html> 


public class basicCounter_j sp extends SomeSpecialHttpServlet { 


I IV- 

int doubleCount (){ 丁 ^ m ^ 

^ count = count*2; ^ 咖 (U M 祕 

return count; 

} lis Java, so v\o pv-oblcrw with -fo\rw«l\rd-v-c-fcv-ChdiK>a 

int count=l;<-^ the v^iablc AFTER you used it m a method). 


public void _jspService(HttpServletRequest request, 

HttpServletResponse response)throws java•io •工 OException { 
PrintWriter out = response.getWriter(); 
response . setContentType (''text/html ”）； 
out. write ( 、 '<html><body >’’）； 
out. write (''The page count is now :’’）； 
out.print( doubleCount()); 
out. write (''</body></html>"); 
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Time to see the REAL generated servlet 

We’ve been looking at a super-simplified version of the servlet the 
Container actually creates from your JSP. There’s no need to look at 
the Container-generated code during development, but you can use 
it to help learn. Once you’ve seen what the Container does with the 
different elements of a JSP, you shouldn’t need to ever look at the 
Container-generated .java source files. Some vendors won ? t let you see 
the generated Java source, and keep only the compiled .class files. 

Don’t be intimidated when you see parts of the API that you don’t 
recognize. Most of the class and interface types are vendor-specific 
implementations you shouldn’t care about. 

What the Container does with your JSP 

y Looks at the directives, for information it might need during translation. 

> Creates an HttpServlet subclass. 

For Tomcat 5, the generated servlet extends: 

org.apache.jasper.runtime.HttpJspBase 

> If there’s a page directive with an import attribute, it writes the import 
statements at the top of the class file, just below the package statement. 

For Tomcat 5, the package statement (which you don’t care about) is: 

package org.apache.jsp; 

> If there are declarations, it writes them into the class file, usually just 
below the class declaration and before the service method. Tomcat 5 
declares one static variable and one instance method of its own. 

V Builds the service method. The service method’s actual name is 
_jspService (). It’s called by the servlet superclass’ overridden 
service() method, and receives the HttpServletRequest and 
HttpServletResponse. As part of building this method, the Container 
declares and initializes all the implicit objects. (You’ll see more implicit 
objects when you turn the page.) 

> Combines the plain old HTML (called template text), scriptlets, and 
expressions into the service method, formatting everything and writing 
it to the PrintWriter response output. 



There’s little on the 
exam about the 
generated class. 


H/eVe been showing 
generated code so that you 
can understand how the JSP 
is translated into servlet code. 
But you don’t need to know the 
details about how a particular 
vendor does it, or what the 
generated code actually looks 
like. All you need to know is the 
behavior of each element type 
(scriptlet, directive, declaration, 
etc.) in terms of how that 
element works inside the 
generated servlet You need 
to know, for example, that your 
scriptlet can use implicit objects, 
and you need to know the 
Servlet API type of the implicit 
objects. But you do NOT need 
to know the code used to make 
those objects available. 

The only other thing you need 
to know about the generated 
code are the three JSP 
lifecycle methods: jsplnit(), 
jspDestroy, and JspService(). 
(They’re covered later in this 
chapter.) 
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Tomcat 5 generated class 

package org.apache.j sp; 
import javax.servlet.*; 
import j avax.servlet.http.* 
import j avax.servlet.j sp.*; 




<htmlxbody> 

<% ! int count=0; %> 

The page count is now : 
<%= ++count %> 
</body></html> 


public final class BasicCounter—jsp extends org.apache.jasper.runtime.HttpJspBase 

implements org.apache.j asper.runtime.JspSourceDependent { 


int count=0; 


private 

public j 
return 


static j ava.util.Vector _j spx 

ava.util.List getDependants() 
_jspx—dependants; 


dependants; 




(tWmy 

vb 


\v\s\At 

bcloY, tlass 


dictlavafco^- 


public void —jspService(HttpServletRequest request, HttpServletResponse response) 

throws java•io • 工 OException, ServletException 


JspFactory _j spxFactory = null; 
PageContext pageContext = null; 
HttpSession session = null; 
ServletContext application = null; 
ServletConfig config = null; 

JspWriter out = null; 

Object page = this; 

JspWriter _j spx_out = null; 

PageContext 一 jspx_page_context = null; 


The Coh-bmcv a Wh 

oj* its owh Ua\ vanablcs, i^ludma 

l° SC ,^ ihc li 乙 it 

u° b l _ 」叫昽 wd, like 
out 3hd lrc^ucs-t w . 


try { 

_j spxFactory = JspFactory.getDefaultFactory(); 
response . setContentType (''text/html ”）； 


pageContext = _j spxFactory.getPageContext(this f 

null, true, 8192, true); 

_j spx_page_context = pageContext; 
application = pageContext.getServletContext(); 
config = pageContext. getServletConfig (); 
session = pageContext.getSession(); 
out = pageContext.getOut (); 

_j spx_out — out; 

out. write (''\r<html>\r<body>\r"); 

out. write (''\rThe page count is now : \r"); 

out.print ( ++count ); 

out. write (''\r</body>\r</html>\r"); 


request. 




response. 


it •tvics *bo \run output 
youv- JSP HTML, sdvip 七 let a 灼 d 

C 乂 f\rcssio 灼 todc- 


} catch (Throwable t) { 


if ( 丨 （t instanceof SkipPageException)){ 
out —_ _j spx_out; 

if (out != null && out.getBufferSize() != 0) 

out.clearBuffer (); 


dowrse -things 
—hi go 


if (_j spx_page_context != null) _j spx_page_context.handlePageException(t); 


} finally { 

if (_j spxFactory != null) _j spxFactory.releasePageContext(_j spx_page_context); 
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The out variable iswt the owly implicit object … 

When a Container translates the JSP into a servlet, the beginning of the 
service method is a pile of implicit object declarations and assignments. 

With implicit objects, you can write a JSP knowing that your code is going 
to be part of a servlet. In other words, you can take advantage of your 
servletness, even though you’re not directly writing a servlet class yourself. 


Think back to chapters 4, 5, and 6. What were some of the important objects 
you used? How did your servlet get servlet init parameters? How did your 
servlet get context init parameters? How did your servlet get a session? How 
did your servlet get the parameters submitted by the client in a form? 


These are just a few of the reasons your JSP might need to use some of what’s 
available to a servlet. All of the implicit objects map to something from the 
Servlet/JSP API. The request implicit object, for example, is a reference to the 
HttpServletRequest object passed to the service method by the Container. 




JspWriter 
HttpServletRequest 
HttpServletResponse 
HttpSession 
ServletContext 
ServletConfig 
Throwable 
PageContext 
Object 




_ out 

— request 
response 

_ session 

_ application 

_ config 


你从 atlaW “e book.) 



exception 
pageContext < — A PagcCohtcxt 


page 


irupli 匕 i 七 

a 


>bjc^ts ; s 


Ch^apsula-tcs o*thcv- 

^ y° u 9 iv « some hclpcv- 
心 xt the 


an 


Y ^rcTCf ChuC Th 产 

What’s the difference between a JspWriter and a PrintWriter I get from 
HttpServletResponse? 


蠢 


The JspWriter is not in the class hierarchy of PrintWriter, so you can’t use it 
in place of a PrintWriter. But it has most of the same print methods, except it adds 
some buffering capabilities. 
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Exercise 


BE fire Container 

EacK of Ae listings is from a JSP. Your 
job is to figure out what will happen when 
tire Container tries to turn lie JSP into 
a servlet Will tire Container be able 
to translate your JSP into 
jL. legal, compilable servlet 

code? If not, why not? If So, 
譯 what happens when a client 
卞 accesses Ae JSP? 




① 


<htmlxbody> 

Test scriptlets... 
<% int y=5+x; %> 

<% int x=2; %> 
</body></html> 



② 


<%@ page import="java•util•*" %> 
<htmlxbody> 

Test scriptlets... 

<% ArrayList list = new ArrayList(); 
list. add (new String ( 、 'foo 〃））； 

%> 

<%= list.get (0) %> 

</body></html> 


③ 


<htmlxbody> 

Test scriptlets... 
<% ! int x = 42; %> 
<% int x = 22; %> 
<%= x %> 
</body></html> 


_ • —- 

， 1 . + ^ http://localhost:8080/testJSP1/BasicCounter.jsp 





enn 


， rQ* | C + http://localhost:8080/testJSP1/BasicCounter.jsp 
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JSP exercise 



Mock Exam Magnets 

Study the scenario (and everything else on this page), then place the 
magnets on the JSP to make a legal file that would produce the correct 
result. You don’t have to use any magnet more than once, and you 
won’t use all of the magnets. This exercise assumes there’s a servlet 
(which you don’t need to see) that takes the initial request, binds an 
attribute into the request scope, and forwards to the JSP you’re creating. 


(Note: we called this “Mock Exam Magnets” instead of “Code Magnets” because 
the exam is FULL of Drag and Drop questions like this one.) 


Design Goal 


Create a JSP that will produce this: 


j^ 


*, http://localhost:8080/testJSP1/BasicCounter.jsp 


The friends who share your hobby of extreme knitting are: 


Fred 

Pradeep 

Philippe 




The text “extreme knitting” comes from a 
form request parameter. You'll need to get 
that parameter from your JSP. A servlet will 
get the request first (and then forward the 
request to your JSP) but that doesn’t change 
the way you get the parameter in your JSP. 


The three names come from an ArrayList 
request attribute called “names”. You'll 
need to get the attribute from the request 
object. Assume a servlet got this request 
and set an attribute in request scope. 


The HTML form 

<htmlxbody> 

<form method="POST 


s a strati 




action=’’HobbyPage • do’’> ^ 
Choose a hobby : <p> 


<select name= 〃 hobby 〃 size= 〃 l〃> 
<option>horse skiing 
<option>extreme knitting 
<option>alpine scuba 
<option>speed dating 
</select> 

<br><br> 

<center> 

<input type=’’SUBMIT’’> 

</center> 

</form> 

</body></html> 


Important tips and clues 

y The request attribute is of type 
java.util.ArrayList. 

^ The implicit variable for the 

HttpServletRequest object is named 
request, and you can use it within 
scriptlets or expressions, but not within 
directives or declarations. Whatever 
you can do with a request object in a 
servlet, you do inside your JSP. 

► A JSP’s servlet method can process 
request parameters, because 
remember, your code is going to be 
inside a servlet’s service method. You 
don’t have to worry about which of the 
HTTP methods (GET or POST) was 
used in the request. 
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using JSP 


We’ve put a few lines in for you. The code you put in this JSP 
MUST work with the code that’s already here. When you’re 
done, it should be compilable and produce the result on the 
opposite page (you must ASSUME that there’s already a work¬ 
ing servlet that first gets the request, sets the request attribute 
‘names”，and forwards the request to this JSP). 


The friends who share your hobby of 


are : <br> 


<% Iterator it = al.iterator(); 


<br> 

<% } %> 


^essSTon JSP 一私 - 


n/o 认 






a\\ 






getAttribute (''names") | 

I <%二 | 


<%@ 

I 

session, j 

— ~ —- 1 




import j ava.util .^； 








import 

1 


) 





r 

<%= 

i_ 
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exercise answers 



BE {ke Container 

Answers 


#2 is straightforward and works. #1 is a fundamental Java 
language issue (using a local variable before it’s declared), and 
#3 also demonstrates a fundamental Java language issue—what 
happens when you have an instance and local variable with the 
same name. So you see... if you translate the JSP code into 
servlet Java code, you’ll have no trouble figuring out the result. 
Once your JSP stuff is inside a servlet, it’s just Java. 


① 


<htmlxbody> 

Test scriptlets... 
<% int y=5+x; %> 

<% int x=2; %> 
</body></html> 


This Compile/ e 乂 a 匕 *tly 

like 3 method y/i 七 h: 

void -fooO { 

. ^ , 匕 t\ryihg io use vav-iablc V 

rn-t y - ^ + >C ； BEFORE ii f s dc-Pihcd. The Java 

mi - Z; lah 9 ua 9 c docs^i allow ihai the 

CohtaihC\r v/Oh ； t bothc\r "to 

j the o\rdc\r o( youv- s^\yi\ti toAt- 


② 


<%@ page import=^ j ava. util. * ,r %> 
<htmlxbody> 

Test scriptlets... 

<% ArrayList list = new ArrayList(); 
list. add (new String ( 、 'foo 〃））； 

%> 

<%= list.get(0) %> 

</body></html> 



Test scriptlets... foo 


|\(o problems; fvm-b *tV^C 

^\rs，i (av\d ovxly) object m 
七 k AwavUst 


\ 丄丄匕 ■•丄 LL- 1 -/ ^ 

ci f- c ； r* -r i -nt- 1 


Test 
<%! 


scriptlets... 
int x = 42; %> 
<% int x 

<%= x %> ^ - - 

</body></html> 


1 l： 


x ；7 f • v.H.ble 

P 恐 e ， 鱗 

r t z; ,hsie3d ih c 

v ^iciblc x (ZZ) 

&： e ；r io： 
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Code Magnets 

Answers 


If your answer looks a little different, but you 
still think it should work—try it! You’ll have to 
make the servlet that takes the form request, 
sets an attribute, and forwards (dispatches) 
the request to the JSP. 


IVlc r\ttA impovt page di\rcd*tivc 
because Av*v-ayLis*t |*tc\ra-bo\r. 


<htmlxbody> 


The friends who share your hobby of 




are : <br> 



<br> 


<% } %> Pmish 七 he while loop blodkf (|-f you 

七 his, ••七 y/o/ 七 Compile)- 

</body></html> 
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valid and invalid expressions 


A comment... 

Yes, you can put comments in your 
JSP. If you’re a Java programmer with 
very little HTML experience, you 
might find yourself typing: 

/ / this is a comment 

without thinking twice. But if you 
do, then unless it’s within a scriptlet 
or declaration tag, you’ll end up 
DISPLAYING that to the client as 
part of the response. In other words, 
to the Container, those two slashes are 
just more template text, like “Hello” or 
“Email is:”. 

You can put two different types of 
comments in a JSP ： 

> <!-- HTML comment ■■> 

The Container just passes this straight on 
to the client, where the browser interprets 
it as a comment. 


> <%■■ JSP comment ■■%> 


These are for the page developers, and 
just like Java comments in a Java source 
file, they’re stripped out of the translated 
page. If you’re typing a JSP and want to 
put in comments about what you’re doing, 
the way you’d use comments in a Java 
source file, use a JSP comment. 

If you want comments to stay as part 
of the HTML response to the client 
(although the browser will hide them from 
the client’s view), use an HTML comment. 


■cf^harpen your pencil 

ANSWERS 


Valid and Invalid Expressions 


Valid? 




<%= 27 %> 

All p\rir»\i*tivc litcv-als av-c -f'me- 


Q <%= ((Math.randomQ + 5)*2); %> 






HO! The scmidolo^ be hcv-c- ^ 

<%= “27” %> 

li*tcv-al is -f mc- 

<%= Math.random() %> 

Yes, -the rr\C*thod v-c*tu\r^s a double. 


□ <%= String s = “foo” %> 

NO! yi>u da 灼’七 have 3 vanable dc^lav-atio^ hcv-c- 


<%= new String[3] %> 

Yes, because -the av-v-ay is by\ object AKV 

objcd*t be sc 灼七七 o a p\r*m*tUO 

<% = 42 氺 20 %> 




MO! The is bu 七 *thevVs a spade bc*tv/cci^ 

■the % dhd -the —. |*t be <% —, i*t mus*t be <% 二 . 


<%= 5 > 3 %> 




Su\rc, 七 his \rcsolvcs *bo B boolean so i*t p\rnrrb '*brue' 

<%= false %> 

l/Vlc dkeady said p\rimi*tivc li-tcv-als av-c -fmc. 

<%= new Gounter() %> 

Ko pvoblcrw. This is jus*t like i*t p\r'm*ts 

\rcsul*t objects mrtiiod. 
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API for the generated servlet 

The Container generates a class from your JSP that 
implements the HttpJspPage interface. This is the only 
part of the generated servlet’s API that you need to 
know. You don’t care that in Tomcat, for example, your 
generated servlet extends: 

org.apache.jasper.runtime.HttpJspBase 

All you need to know about are the three key methods: 


> jsplnit() 

This method is called from the init() method. 

You can override this method. (Can you figure out how?) 


〈〈 interface 〉〉 

javax.servletjsp.JspPage 


jsplnit() 

jspDestroy() 


rou £>3^ 


OVCV"V-\dc *t^csc- 


△ 


《 interface 〉〉 

javax.servletjsp.HttpJspPage 


JspServicefHttpServletRequest, HttpServletResponse) 

>u CANNOT ovcv-v-'»dc 七 Wis! 


> jspDestroyQ 


This method is called from the servlet’s destroy 。 method. 
You can override this method as well. 


> JspService() 

This method is called from the servlet's service() method, 
which means it runs in a separate thread for each request. 
The Container passes the Request and Response objects to 
this method. 

You can’t override this method! You can’t do ANYTHING with 
this method yourself (except write code that goes inside it), 
and it's up to the Container vendor to take your JSP code 
and fashion the JspService() method that uses it. 
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JSP lifecycle 



The Container tries to COMPILE the 
servlet .java source into a .class file. 


^3 






^C\r C . 


compile 


— 

Web Container 


MyJSPjsp.java 


MyJSPjsp.class 
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package 
apache; 
import ja- 
vax.servlet. 
HttpServ- 
let.*; 


generate 


1 


Lifecycle of a JSP 


You write the .jsp file. 

The Container writes the .java file for the servlet your JSP becomes. 


0 Kim writes a .jsp file, 
and deploys it as 
part of a web app. 


The Container ''reads" the web.xml (DO) for 
this app, but doesn’t do anything else with the 
.jsp file (until the first time \Ys requested). 





or\ 


d 


/ ^ 
i ^ 


_ ixf 

Web Container 


<?xml vezx 
sion= 〃 l■ (T 
encoding 
= 〃 UTF-8"?> 

<!DOCTYPE 


<html> j 

4 

<body> 


<% ! int j 

; %> 

Hello : 


<%= x %> 


</body> 


</html> 



web.xml 


MyJSP.jsp 


The client hits a link 
that asks for the .jsp. 


I n 匕 uumuiri 匕 ir ieb io i KniNoun i c • 

into .java source code for a servlet class. 



request—«^ 


translate 


Web Container 


<html> 


<body> 


<% ! int 

c;%> 

Hello : 


<%= x %> 


</body> 


</html> 



generate 


MyJSP.jsp 





























JSP lifecycle continued... 


using JSP 


④ 


The Container LOADS the 
newly-generated servlet class. 



)=[ 


load 


—nV 

Web Container 


^0 


飞 

0010 0001 
100 1001 
001 0011 
101 0110 


MyJSPjsp.class 


⑤ 



The Container instantiates the The object is now a full-fledged servlet, 

servlet and causes the servlefs ready to accept client requests. 

jsplnit() method to run. 


- jspImtO 

-J 

Web Container 



\ 





⑥ 



The Container creates a new thread to 
handle this client's request, and the 
servlefs _JspService() method runs. 


Everything that happens after 
this is just plain old servlet 
request-handling. 



Eventually the servlet sends a 
response back to the client (or 
forwards the request to another 
web app component). 
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translation and compilation 


Wow. I am truly impressed. I 
would never have guessed that 
they could make requesting a JSP 
take just as much overhead as calling a 
method on an EJB. I’m thinking the client 
has to wait, what, five minutes for all 
that translating, compiling, and 
initializing? 



Translation and compilation 



When you deploy a web app with a JSP, the 
whole translation and compilation step happens 
only once in the JSP’s life. Once it’s been 
translated and compiled, it’s just like any other 
servlet. And just like any other servlet, once that 
servlet has been loaded and initialized, the only 
thing that happens at request time is creation or 
allocation of a thread for the service method. So 
the picture on the previous two pages is for only 
the first request. 

o ： 

OK, so that means only the first client to ask 
for the JSP takes the big hit. But there MUST be a 
way to configure the server to pre-translate and 
compile...right? 




Although it's only the first client that has to 
wait, most Container vendors DO give you a way to 
ask for the whole translation/compilation thing to 
happen in advance, so that even the first request 
happens like any other servlet request. 


But watch out — it’s vendor-dependent and not 
guaranteed. There IS a mention in the JSP spec (JSP 
11.4.2) of a suggested protocol for JSP precompilation. 
You make a request for the JSP appending a query 
string "?jsp_precompile”, and the Container might (if 
it chooses) do the translation/compilation right then 
instead of waiting for the first real request. 


308 


chapter 7 


using JSP 


Iharpen your pencil 



Think about these questions. Flip back through 
earlier pages (and chapters) if you need to, but 
don’t turn the page until you’ve done this. 

Yes, you CAN get servlet init parameters from a 
JSP, the questions are: 

1) How would you retrieve them in your code? (Big, 
huge, gravel-hauling hint: pretty close to the same 
way you retrieve them in a “normal” servlet. From 
which object do you normally get servlet init param¬ 
eters? Is that object available to your JSP code?) 


2) How/where would you configure the servlet init 
parameters? 


3) Suppose you do want to override the init() 
method... how would you do it? Is there something 
else you can do that'll give you the same result? 
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overriding jsplnit() 


Initializing your JSP 

You can do servlet initialization stuff in your JSP, but it’s slightly 
different from what you do in a regular servlet. 


Configuring servlet init parameters 


You configure servlet init params for your JSP virtually the same way you 
configure them for a normal servlet. The only difference is that you have 
to add a <jsp-file> element within the <servlet 〉 tag. 


<web-app ...> 

<servlet> 

<servlet-name>MyTestInit</servlet-name> 

< j sp-file>/TestInit. j sp</j sp-file> 

<init-param> 

<param-name>email</param-name> 

<param-value>ikickedbutt@wickedlysmart.com</param-value> 



soviet seated 


tw»s OSP 


</init-param> 
</servlet> 


<servlet-mapping> 

<servlet-name>MyTestInit</servlet-name> 
<url-pattern>/TestInif•j sp</url-pattern> 
</servlet-mapping> 

</web-app> 




Overriding jsplnit() 


Yes, it’s that simple. If you implement a jspInitQ method, the Container calls 
this method at the beginning of this page’s life as a servlet. It’s called from the 
servlet’s init() method, so by the time this method runs there is a ServletGonfig and 
ServletGontext available to the servlet. That means you can call getServletGonfig() 
and getServletGontext() from within the jsplnit() method. 

This example uses the jsplnit() method to retrieve a servlet init parameter 
(configured in the DD), and uses the value to set an application-scoped attribute. 


<%!々 




fouv-c 


a scvvlct, so 70U 




public void jsplnit () { 

ServletConfig sConfig = getServletConfig (); 

String emailAddr = sConfig • getlnitParameter (''email ”）； 
ServletContext ctx = getServletContext(); 
ctx • setAttribute (''mail ”， emailAddr) ; / 


TWl f is EXACTL/ what 

you d do ih d hov-hr»a| scv~vlct 




%> 
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Attributes m a JSP 

The example on the opposite page shows the JSP setting an application-scoped 
attribute using a method declaration that overrides jsplnit(). But most of the 
time you’ll be using one of the four implicit objects to get and set attributes 
corresponding to the four attribute scopes available in a JSP. 

Yes, four. Remember, in addition to the standard servlet request, session, and 
application (context) scopes, a JSP adds a fourth scope — page scope — that you get 
from a pageGontext object. 


You usually won’t need (or care about) page scope unless you’re developing 
custom tags, so we won’t say any more about it until the custom tags chapter. 


In a servlet 


In a JSP 

(using implicit objects) 


Application 

getServletContextO-setAttributeffoo", barObj); 

application.setAttribute(‘‘foo”, barObj); 

Request 

request.setAttribute(“foo” ， barObj); 

request.setAttribute(“foo”, 

,barObj); 

Session 

request.getSession().setAttribute(“foo”, barObj); 

session.setAttribute(“foo” 

,barObj); 

Page 

Does not apply! 

pageContext.setAttributeffoo”, barObj) 


But this isn’t the whole story! In a JSP, there’s another way to get and 
set attributes at any scope, using only the pageGontext implicit object. 
Turn the page and find out how... 
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pageContext and attributes 


Using PageCowtext for attributes 

You can use a PageContext reference to get attributes 
from any scope, including the page scope for attributes 
bound to the PageContext. 

The methods that work with other scopes take an int 
argument to indicate the scope. Although the attribute 
access methods come from JspContext, you’ll find the 
constants for the scopes inside the PageContext class. 


JspContext 

getAttribute(String name) 
getAttribute(String name, int scope) 
getAttributeNameslnScope(int scope) 
findAttribute(String name) 

七 Ws 栋 a 七 v/ovk 

II more methods ^OV AKV — 

II including similar methods to 
II set and remove attributes from 
II any scope 


△ 



PageContext 

APPLICATION_SCOPE 

PAGE_SCOPE 

REQUEST.SCOPE 

SESSION_SCOPE 

II more fields 


getRequest() 

getServletConfig() 

getServletContext() 

getSession() 


II more methods 
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Getting a page-scoped attribute 

<%= pageContext. getAttribute (''foo^) %> 


<% Float one = new Float(42.5); %> 

<% pageContext. setAttribute ( 、 'foo 〃， one) ; %> 


Examples using pageCowtext to 
get and set attributes 


Setting a page-scoped attribute 



Using the pageContext to set a session-scoped attribute 

<% Float two = new Float(22.4); %> 

<% pageContext.setAttribute(''foo^, two, PageContext.SESSION_SCOPE); %> 

Using the pageContext to get a session-scoped attribute 

<%= pageContext.getAttribute( 、 'foo 〃， PageContext•SESSION 一 SCOPE) %> 

(Which is identical to: <%= session. getAttribute (''foo^) %> ) 

Using the pageContext to get an application-scoped attribute 

Email is : 

<%= pageContext.getAttribute(''mail^, PageContext.APPLICATION_SCOPE) %> 

Within a JSP, the code above is identical to: 

Email is : 

<%= application.getAttribute (''mail^) %> 

Using the pageContext to find an attribute when you don’t know the scope 

2 

<%= pageContext .findAttribute (''f oo ,y， ) %> 

Where does the findAttribute() method look? It looks first in the page context, so if there’s a “foo” 
attribute with page context scope, then callingyz/z^/Attribute(String name) on a PageContext works just 
like calling 客以 Attribute (String name) on a PageContext. But if there’s no “foo” attribute, the method 
starts looking in other scopes, from most restricted to least restricted scope — in other words, first 
request scope, then session, then finally application scope. The first one it finds with that name wins. 
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three directives 


While wcVe ow the subject... let's 
talk more about the three directives 

We already looked at the directive used for getting import statements into 
the generated servlet class made from your JSP. That was a page directive 
(one of the three directive types) with an import attribute (one of 13 
attributes of the page directive). We’ll take a quick look now at the others, 
although some won’t be covered in detail until later chapters, and some 
won’t be covered in detail at all in this book, because they’re rarely used. 

① The page directive 

<%@ page import= 〃 foo •*〃 session= 〃 false 〃 %> 

Defines page-specific properties such as character encoding, the 
content type for this page’s response, and whether this page should 
have the implicit session object. A page directive can use up to 
thirteen different attributes (like the import attribute), although only 
four attributes are covered on the exam. 

@ The taglib directive 

<%@ taglib tagdir=’’/WEB-INF/tags/cool" prefix=’’cool" %> 

Defines tag libraries available to the JSP. We haven’t talked about 
using custom tags and standard actions yet, so this might not make 
any sense at this point. Just go with it for now...we have two whole 
chapters on tag libraries coming up soon. 

③ The include directive 

<%@ include file= 〃 wickedHeader• html 〃 %> 

Defines text and code that gets added into the current page 
at translation time. This lets you build reusable chunks (like a 
standard page heading or navigation bar) that can be added to 
each page without having to duplicate all that code in each JSP. 


o ： 

I’m confused... this page heading says, "while we’re on the subject 
but I don’t see how directives have anything to do with pageContext and 
attributes. 


A I 

They don’t, not really. We just said that to cover a bad pathetic 
nonexistent transition between two unrelated topics. We hoped nobody would 
notice, but NO...you just couldn’t let it go, could you? 
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Attributes to the page directive 

Of the 13 page directive attributes in the JSP 2.0 spec, only four are covered on the 
exam. You do NOT have to memorize the entire list; just get a feel for what you can do. 
(We’ll look at the isELIgnored and the two error-related attributes in later chapters.) 

POSSIBLY on the exam - 


import 

Defines the Java import statements that’ll be added to the generated servlet class. You get some 
imports for free (by default): java.lang (duh), javax.servlet, javax.servlet.http, and javax.servlet.jsp. 

isThreadSafe 

Defines whether the generated servlet needs to implement the SingleThreadModel, which, as you 
know, is a Spectacularly Bad Thing. The default value is..."true", which means, “My app is thread 
safe, so 1 do NOT need to implement SingleThreadModel, which 1 know is inherently evil.” The only 
reason to specifiy this attribute is if you need to set the attribute value to “false”, which means that 
you want the generated servlet to use the SingleThreadModel, but you never will. 

contentType 

Defines the MIME type (and optional character encoding) for the JSP response. You know the default. 

isELIgnored 

Defines whether EL expressions are ignored when this page is translated. We haven’t talked about 

EL yet; that’s conning in the next chapter. For now, just know that you might choose to ignore EL 
syntax in your page, and this is one of the two ways you can tell the Container. 

isErrorPage 

Defines whether the current page represents another JSFs error page. The default value is “false ”， 
but if it’s true, the page has access to the implicit exception object (which is a reference to the 
offending Throwable). If false, the implicit exception object is not available to the JSP. 

errorPage 

Defines a URL to the resource to which uncaught Throwables should be sent. If you define a JSP 
here, then that JSP will have an isErrorPage=”true” attribute in its page directive. 


NOT on the exam 


language 

Defines the scripting language used in scriptlets, expressions, and declarations. Right now, the only 
possible value is “java”，but the attribute is here because isn’t it just like those spec developers to be 
thinking of the future, when other languages might be used. 

extends 

Defines the superclass of the class this JSP will become. You won’t use this unless you REALLY 
know what you’re doing—it overrides the class hierarchy provided by the Container. 

session 

Defines whether the page will have an implicit session object. The default value is “true”. 

buffer 

Defines how buffering is handled by the implicit out object (reference to the JspWriter). 

autoFlush 

Defines whether the buffered output is flushed automatically. The default value is “true”. 

info 

Defines a String that gets put into the translated page, just so that you can get it using the generated 
servlet’s inherited getServletlnfo() method. 

pageEncoding 

Defines the character encoding for the JSP. The default is “ISO-8859-1” (unless the contentType 
attribute already defines a character encoding, or the page uses XML Document syntax). 
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are scriptlets bad? 


This is SUCH a nice 
chapter with a VERY lovely look 
at how to put Java code in a JSP, 
but, um y look at this company¬ 
wide memo I just got. 



Interoffice Memo from the CTO 


URGENT 

Effective immediately, anyone caught 
using scriptlets, expressions , or 
declarations in their JSP code will be 
suspended without pay until such time 
as it can be determined whether the 
programmer was fully responsible or 
simply trying to maintain some OTHER 
idiot A s code. 

If, in fact, the determination is 
made that the programmer is, in fact, 
responsible, the company will go ahead 
and, in fact, terminate the employee. 


Rick Forester 

Chief Technology Officer 


''Remember : there is no '' 工〃 in TEAM. ^ 

''Write your code as if the next guy* 
to maintain it is a homicidal maniac 
who knows where you live.” 

[*Note to HR: we use ''guy” in its non¬ 
gender specific form.] 
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Script lets considered harmful? 

Is it true? Could there be a downside to putting all this Java into your JSP? After 
all, isn’t that the whole frickin’ POINT to aJSP? So that you write your Java in 
what is essentially an HTML page as opposed to writing HTML in a Java class? 


Some people believe (OK, technically a lot of people including the JSP and 
Servlet spec teams) that it’s bad practice to put all this Java into your JSP. 

Why? Imagine you’ve been hired to build a big web site. Your team includes 
a small handful of back-end Java programmers, and a huge group of “web 
designers” 一 graphic artists and page creators who use Dreamweaver and 
Photoshop to build fabulous-looking web pages. These are not programmers 
(well, except for the ones who still think HTML is “coding”). 



Aspiring actors working as web designers 
while waiting for their big showbiz break. 
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scripting is out there 


Two questions—WHY are 
you making us learn it, and WHAT is 
the alternative? What the f*** else 
IS there besides HTML if you can’t 
put scriptlets, declarations, and 
expressions in your JSP? 



There didn't used to PE aw alternative. 

That means there are already mountains of JSP files brimming with 
Java code stuck in every conceivable spot in the page, nestled 
between scriptlet, expression, and declaration tags. It’s out there 
and there isn’t anything anyone can do to change the past. So 
that means you’ve got to know how to read and understand these 
elements, and how to maintain pages written with them (unless 
you’re given the chance to massively refactor the app 5 s JSPs). 

Secretly, we think there’s still a place for some of this--nothing 
beats a little Java in a JSP for quickly testing something out on your 
server. But for the most part, you don’t want to use this for real, 
production pages. 

The reason this is all on the exam is because the alternatives are still 
fairly new, so most of the pages out there today are still “old-school”. 

For the time being，you still have to be able to work with it! At 

some point, when the new Java-free techniques hit critical mass, the 
objectives from this chapter will probably drop off the exam, and 
we’ll all breathe a collective sigh at the death of Java-in-JSPs. 


But today is not that day. 


(Note to parents and teachers: the four-let¬ 
ter word implied in this thought bubble, that 
starts with T, followed by three asterisks, 
is NOT what you think. It was just a word 
that we found too funny to include without 
distracting the reader, so we bleeped it out. 
Because it’s funny. Not bad.) 
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Oh if only there were a way 
in a JSP to use simple tags 
that cause Java methods to run, 
without having to put actual Java 
code into the page. 



EL: the answer to, well, everything. 

Or almost everything. But certainly an answer to two big 
complaints about putting actual Java into a JSP: 

1) Web page designers shouldn’t have to know Java. 

2) Java code in a JSP is hard to change and maintain. 

EL stands for “Expression Language”，and it became officially 
part of the spec beginning with JSP 2.0 spec. EL is nearly 
always a much simpler way to do some of the things you’d 
normally do with scriptlets and expressions. 

Of course right now you’re thinking, “But if I want my JSP 
to use custom methods, how can I declare and write those 
methods if I can’t use Java?’’ 

Ahhhh... writing the actual functionality (method code) is not 
the purpose of EL. The purpose of EL is to offer a simpler way 
to invoke code — but the code itself belongs somewhere else. 

That means in a regular old Java class that’s either a JavaBean, 
a class with static methods, or something called a Tag Handler. 
In other words, you don’t write method code into your JSP 
when you’re following today’s Best Practices. You write the Java 
method somewhere else, and call it using EL. 
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first look at EL 


Sneak peek at EL 


The entire next chapter is on EL, so we won’t go into details here. 
The only reason we’re covering it is because it’s yet another kind 
of element (with its own syntax) that goes in a JSP, and the exam 
objectives for this chapter include recognizing everything that can 
go into a JSP. 


This EL expression: 

Please contact : ${applicationScope.mail} 


An EL expression ALWAYS 
looks like this: ${something} 

In other words, the expression 
is ALWAYS enclosed in curly 
braces, and prefixed with a 
dollar ($) sign. 


Is the same as this Java expression: 

Please contact : <%= application. get Attribute (''mail^) %> 


^iiereiqrejio 

Dumb Questions 

o ： 

Not to be all negative, but I'm not sure I see an earth-shattering 
difference between the EL and the Java expression. Sure, it’s a little 
shorter, but is that worth a whole new scripting language and JSP 
coding approach? 


You SO haven't seen the full benefit of EL yet. The differences 
will become obvious in the next chapter when we dive in. But you must 
remember that to a Java programmer, EL is NOT neccessarily a dramatic 
development advantage. In fact, to a Java programmer it simply means 
"one more thing (with its own syntax and everything) to learn, when, hey, I 
already KNOW Java...” 

But it’s not always about you. EL is much easier for a non-Java programmer 
to learn and get up to speed in. And for a Java programmer, it is still much 
easier to maintain a scriptless page. 

Yes, it’s still something to learn. It doesn’t let web page designers 
completely off the hook, but you’ll soon see that it’s more intuitive and 
natural for a web designer to use EL. For now, in this chapter, you simply 
need to be able to recognize EL when you see it. And don’t worry at this 
point about recognizing whether the expression itself is valid —— all we care 
about now is that you can pick out an EL expression in a JSP page. 
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And just HOW do you 
expect me to get my 
programmers to stop using 
scripting elements in their 
JSPs? 



Easy—you can put an 
element in the DD that 
disables all scripting 
elements! 





Using 〈 scripting - invalid 〉 

It’s simple — you can make it invalid for a 
JSP to have scripting elements (scriptlets, 

Java expressions, or declarations) by putting 
a <scripting-invalid> tag in the DD: 

<web-app ...> 

< j sp-config> 

<jsp-property-group> 

^ <url-pattern>*.jsp</url-pattern 〉 

/ 旱 <scripting-invalid> 
true 

</scripting-invalid 〉 

</jsp-property-group> 

</j sp-config> 


</web-app> 


"This docs hot wov-k^ 

The isS^vip-tihjEhablcd 

a 七 "bribu 七 e is ho lohAcv* i 
the JSP spe 匕 / 



Watch out — you might have seen other books 
or articles show a page directive that disables 
scripting. In a draft version of the 2.0 spec, 
there was a page directive attribute: 

<%@ page isScriptingEnabled=”false” %> 

but it was removedfrom the final spec!! 


The only way to invalidate scripting now is 
through the <scripting-invalid> DD tag. 
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You caw choose to igworg EL 

Yes, EL is a good thing that’s going to save the world as we know it. But sometimes 
you might want to disable it. Why? 


Think back to when the assert keyword was added to the Java language with version 
1.4. Suddenly the formerly unreserved and perfectly legal identifier “assert” meant 
something to the compiler. So if you had, say, a variable named assert, you were 
screwed. Except that J2SE version 1.4 came with assertions disabled by default. If you 
knew you were writing (or recompiling) code that didn’t use assert as an identifier, then 
you could choose to enable assertions. 

So it’s kind of the same thing with disabling EL — if you happened to have template 
text (plain old HTML or text) in your JSP that included something that looked like 
EL (^{something}) ， you’d be in Big Trouble if you couldn’t tell the Container to just 
ignore anything that appears to be EL and instead treat it like any other unprocessed 
text. Except there’s one big difference between EL and assertions: 


El is enabled by default! 

If you want EL-looking things in your JSP to be ignored, you have to say so 
explicitly, either through a page directive or a DD element. 


Putting <el-ignored> in the DD 

<web-app ...> 

參參參 

< j sp-config> 

<jsp-property-group> 
<url-pattern>*.jsp</url-pattern> 

<el-ignored 〉 
true 

</el-ignored> 

</jsp-property-group> 

</j sp-config> 

</web-app> 


The page directive 
takes priority over 
the DD setting! 

If there’s a conflict between the 
<el-ignored> setting in the DD and 
the isELIgnored page directive attri¬ 
bute, the directive always wins! That 
lets you specify the default behavior 
in the DD, but override it for a specific 
page using a page directive. 


Using the isELIgnored page 
directive attribute 

<%@ page isELIgnored= A, true A, %> 


'Jatcf, out for 

^consistencyr 


The DD t ° nsi 'stencyr 

^ no, one would maybe ， n or 二 
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Put wait... there's still another J8? 
element we haven't seen: actions 


So far, you’ve seen five different types of elements that can appear in a JSP: 
scriptlets, directives, declarations, Java expressions, and EL expressions. 

But we haven’t seen actions. They come in two flavors: standard and.../zo^. 


Standard Action: 


<j sp : include page= 〃 wickedFooter•jsp 〃 / > 




<c : set var="rate" value="32" / > 


Although that’s misleading, because there are some actions that aren’t 
considered standard actions, but which are still part of a now-standard library. 
In other words, you’ll later learn that some of the non-standard (the 
objectives refer to them as custom) actions are... standard, but yet they still 
aren’t considered “standard actions”. Yes, that’s right — they’re standardized 
non-standard custom actions. Doesn’t that just clear it right up for you? 

In a later chapter when we get to “using tags” ， we’ll have a slightly richer 
vocabulary with which to talk about this in more detail, so relax. For now ， 
all we care about is recognizing an action when you see it in a 

JSP! 



Look at the syntax for an action, and compare it to the syntax for the other 
kinds of JSP elements. Then answer this: 


1) What are the differences between an action element and a scriptlet? 


2) How will you recognize an action when you see it? 
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rcise 


Evaluation Matrix 

Think about what happens when each of 
these settings (or combination of settings) 
occurs. You'll see the answers when you 
turn the page, so do this one NOW. 


① EL Evaluation 


Place a checkmark in the evaluated column if the 
settings would cause the EL expressions to be 
evaluated, OR place a checkmark in the ignored 
column if EL will be treated like other template text. 
No row will have two checkmarks, of course. 


DD configuration 
<el-ignored> 


page directive evaluated ignored 

isELIgnored 


unspecified 

unspecified 



false 

unspecified 



true 

unspecified 



false 

false 



false 

true 



true 

false 




② Scripting validity 


Place a checkmark in the evaluated column if the settings 
would cause the scripting expressions to be evaluated, 
OR place a checkmark in the error column if scripting will 
cause a translation error. 


DD configuration evaluated error 
<scripting-invalid> 


unspecified 



true 



false 
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JSP Element Magnets 

Match the JSP element with its label by placing the JSP snippet in 
the box with the label representing that element type. Remember, 
you'll have Drag and Drop questions on the real exam similar to 
this exercise, so don’t skip it! 

JSP element type JSP snippet 


directive 


declaration 


EL expression 



scriptlet 


expression 



action 
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JSP Element Magnets: die Sequel 

You know what they’re called, but do you remember where they go in the 
generated servlet? Of course you do. But this is just a little reinforcement/practice 
before we move on to a different chapter and topic. 

(Put the element in the box corresponding to where that element’s generated code 
will go in the servlet class file. Note that the magnet itself does not represent the 
ACTUAL code that will be generated. 



public final class BasicCounter—jsp extends org.apache.jasper.runtime.HttpJspBase 

implements org.apache.j asper.runtime.JspSourceDependent { 



public void _jspService (HttpServletRequest request, HttpServletResponse response) 

throws java•io • 工 OException, ServletException { 
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Evaluation Matrix 
ANSWERS 


① EL Evaluation 


DD configuration 
<el-ignored> 


page directive evaluated ignored 

isELIgnored 


unspecified 

unspecified 



false 

unspecified 

s/ 

/ 

true 

unspecified 


V 

false 

false 

V 


false 

true 


V 

true 

false 




② Scripting validity 


DD configuration evaluated error 
<scripting-invalid> 


unspecified 

s/ 


true 



false 
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JSP Element Magnets 

ANSWERS 



directive 



email: ${applicationScope.mail} 


EL expression 




expression 


The word ^expression 55 
by itself means 
“scripting expression 55 
NOT “EL expression’’- 

Of course the word “expression” is over¬ 
loaded for JSP elements. If you see the 
word “expression” or “scripting expression 
it means the same thing—an expression 
using Java language syntax. 

<%= foo.getName() %> ” 

The only time the word Expression refers 
to EL is if you specifically see cl EL in the 
descriptions or label! So, always assume 
that the default for the word ^expression 

is “scripting/Java expression”，not EL. 





action 
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JSP Element Magnets: Ae Sequel 

ANSWERS 





public final class BasicCounter—jsp extends org.apache.jasper.runtime.HttpJspBase 

implements org.apache.j asper.runtime.JspSourceDependent { 

avc 

so 

public void —jspService(HttpServletRequest request, HttpServletResponse response) 

throws java•io • 工 OException, ServletException { 


-fov 

50 msidc *tV^C ^'ass 


pc6lava*t'»ov\s 
dc6lava*t'«ov\s, 
dy\d o\A^At 



staWe,*ts *m se^de 




C%fV-CSSIOV\S 50 

method- 


lV\Sldc 七 ^ 


Wo*tc ： the o\rdc\r o-P "these 
th\rec thih^s docSh ； t rwattcv-J 
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mock exam 






Given this DD element: 

47. <jsp-property-group> 

48 . <url-pattern>*.jsp</url-pattern> 

49. <el-ignored>true</el-ignored> 

50. </jsp-property-group> 

What does the element accomplish? (Choose all that apply.) 

Q A. All files with the specified extension mapping should be treated by the 
JSP container as well-formed XML files. 

Q B. All files with the specified extension mapping should have any 
Expression Language code evaluated by the JSP container. 

Q C. By default, all files with the specified extension mapping should NOT 
have any Expression Language code evaluated by the JSP container. 

Q D. Nothing, this tag is NOT understood by the container. 

Q E. Although this tag is legal, it is redundant, because the container 
behaves this way by default. 



Which directives specify an HTTP response that will be of type “image/svg ”？ 
(Choose all that apply.) 


□ 

□ 

□ 

□ 

□ 


A. 

B. 

G. 

D. 

E. 


<%@ 

<%@ 

<%@ 

<%@ 

<%@ 


page type="image/svg" %> 
page mimeType="image/svg’’ ％ > 
page 1anguage= " image / svg " %> 
page contentType= " image / svg " %> 
page pageEncoding="image/svg" %> 
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Given this JSP: 

1. <%@ page import=^java.util .*" %> 

2. <htmlXbody> The people who like 

3 . <%= request. getParameter (''hobby) %> 

4. are: <br> 

5 . <% ArrayList al = (ArrayList) request. getAttribute (''names ") ; %> 

6. <% Iterator it = al.iterator(); 

7 . while (it.hasNext()) { %> 

8 . <%= it .next () %> 

9. <br> 

10 . <% } %> 

11. </bodyX/html> 

Which types of code are used in this JSP? (Choose all that apply.) 


□ 

A. 

EL 

□ 

B. 

directive 

□ 

G. 

expression 

□ 

D. 

template text 

□ 

E. 

scriptlet 


Which statements about jsplnit () are true? (Choose all that apply.) 

□ A. It has access to a ServletConfig. 

Q B. It has access to a ServletContext. 

Q G. It is only called once. 

□ D. It can be overridden. 
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Which types of objects are available to the jsplnit () method? 
(Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 

□ 

F. 


ServletConfig 

Servle tContext 

JspServletConfig 

JspServletContext 

HttpServletRequest 

HttpServletResponse 



Given: 

<%@ page isELIgnored=' , true /, %> 

What is the effect? (Choose all that apply.) 

Q A. Nothing, this page directive is NOT defined. 

Q B. The directive turns off the evaluation of Expression Language code 
by the JSP container in all of the web application’s JSPs. 

口 G. The JSP containing this directive should be treated by the JSP 
container as a well-formed XML file. 

Q D. The JSP containing this directive should NOT have any Expression 
Language code evaluated by the JSP container. 

口 E. This page directive will only turn off EL evaluation if the DD 

declares a <el-ignored>true</el-ignored 〉 element with a 
URL pattern that includes this JSP. 


7 


Which statement concerning JSPs is true? (Choose one.) 

Q A. Only j splnit () can be overridden. 

Q B. Only jspDestroy () can be overridden. 

Q G. Only _jspService () can be overridden. 

Q D. Both j splnit () and jspDestroy () can be overridden. 

Q E. j splnit (), j spDestroy (), and _ j spService () can all be 

overridden. 
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Which JSP lifecycle step is out of order? 

□ A. Translate the JSP into a servlet. 
Q B. Compile servlet source code. 

Q C. Call _jspService () 

Q D. Instantiate the servlet class. 

口 E. Call jsplnit () 

□ F. Call jspDestroy () 



Which are valid JSP implicit variables? (Choose all that apply.) 


□ 

A. 

stream 

□ 

B. 

context 

□ 

G. 

exception 

□ 

D. 

listener 

□ 

E. 

application 


10 


Given a request with two parameters: one named “first” represents a user’s 
first name and another named “last” represents his last name. 


Which JSP scriptlet code outputs these parameter values? 

Q A. <% out. println (request. getParameter (''first^)); 

out.println (request .getParameter (''last") ) ; %> 

B. <% out. println (application. getl nit Parameter (''first")); 

out .println (application .getlnitParameter (''last "))； 

G. <% println (request. getParameter (''first")); 

println (request. getParameter (''last")) ; %> 

D. <% println (application. getlnitParameter (''first")); 

println (application. ge tlnitParame ter (''last")) ; %> 


%> 
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11 


Given: 

11. Hello ${user.name}! 

12 . Your number is <c : out value=’’$ {user .phone} ”/>• 

13. Your address is <jsp : getProperty name="user" property: 

14. <% if (user.isValid()) {%>You are valid !<% } %> 

Which statements are true? (Choose all that apply.) 

□ A. Lines 11 and 12 (and no others) contain examples of EL elements. 

Q B. Line 14 is an example of scriptlet code. 

Q G. None of the lines in this example contain template text. 

Q D. Lines 12 and 13 include examples of JSP standard actions. 

Q E. Line 11 demonstrates an invalid use of EL. 


addr" /> 


CJ F. All four lines in this example would be valid in a JSP page. 


. Which JSP expression tag will print the context initialization parameter named “javax. 

U sql.DataSource ”？ 

A. <%= application. getAttribute (''javax. sql. DataSource^) %> 

<%= application.getlnitParameter (''javax. sql.DataSource A, ) %> 
<%= request.getParameter ('' javax. sql.DataSource^) %> 

D. <%= contextParam. get (''javax. sql. DataSource^) %> 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 



Which statements about disabling scripting elements are true? 
(Choose all that apply.) 

□ A. You can’t disable scripting via the DD. 

Q B. You can only disable scripting at the application level. 

Q G. You can disable scripting programmatically by using the 
isScriptingEnabled page directive attribute. 

□ D. You can disable scripting via the DD by using the 

<s crip ting-invalid 〉 element. 
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In sequence, what are the Java types of the following JSP implicit objects: 

14 application, out, request, response, session? 


Q A. java.lang.Throwable 
java.lang.Obj ect 
java.util.Map 
java.util.Set 
java.util.List 

Q B. javax. servlet. ServletConfig 
java.lang.Throwable 
java.lang.Obj ect 
javax.servlet.jsp.PageContext 
java.util.Map 

Q C. javax.servlet.ServletContext 
javax.servlet.jsp.JspWriter 
j avax.servlet.ServletRequest 
j avax.servlet.ServletResponse 
j avax.servlet.http.HttpSession 

Q D. javax.servlet.ServletContext 
java.io.PrintWriter 
j avax. servlet. ServletConfig 
java.lang.Exception 
j avax.servlet.Reques tDispatcher 


15 □ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


@%> 


16 


Given the JSP: 

1. <%@ page isELIgnored= n true" %> 

2 . <%@ taglib uri="http : //java.sun.com/jsp/jstl/core" 
prefix= n c" %> 

3. <c : set var="awesomeBand" value="LIMOZEEN "/ > 

4. ${awesomeBand} 


What will be the output? 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 


${awesomeBand} 
LIMOZEEN 


No output 


An exception will be thrown because all taglib directives must precede 
any page directives. 
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Given this DD element: (JSP ^ I 一 e1) 

47. <jsp-property-group> 

48 . <url-pattern>*.jsp</url-pattern> 

49. <el-ignored>true</el-ignored> 

50. </jsp-property-group> 


What does the element accomplish? (Choose all that apply.) 

口 A. All files with the specified extension mapping should be treated by the 
JSP container as well-formed XML files. 

Q B. All files with the specified extension mapping should have any 
Expression Language code evaluated by the JSP container. 

Oil C. By default, all files with the specified extension mapping should NOT 
have any Expression Language code evaluated by the JSP container. 

□ D. Nothing, this tag is NOT understood by the container. 

Q E. Although this tag is legal, it is redundant, because the container 
behaves this way by default. 


C *tuV"^S 

the evaluating o-f EL 
c%fv-cssio^s by a OSP 
Z.O Br\d by 

dc-Pault the do 灼七 amev" 
diocs 



^； : —~ : : : : (j S p vi. 0 试出挪 l . IO l) 

Which directives specify an HTTP response that will be of type “image/svg ”？ 

(Choose all that apply.) 


□ A. 

□ B. 

Q, G. 

□ D. 

□ E. 


<%@ 

<%@ 

<%@ 

<%@ 

<%@ 


page type="image/svg" %> 
page mimeType="image/svg’’ ％ > 
page 1 anguage= rr image / svg " %> 
page con ten tType = r, image / s vg ,r %> 
page pageEncoding="image/svg" %> 


—Option P is the 

to^td syntax, -fov- 
this divc6*tivc. 
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Given this JSP: 


(JSP vi.0 试 出 0 於 I) 


1. <%@ page import= A, java. util. *" %> 

2. <htmlXbody> The people who like 

3 . <%= request. getParameter (''hobby) %> 

4. are: <br> 

5. <% ArrayList al = (ArrayList) request .getAttribute (''names"); 

6. <% Iterator it = al.iterator(); 

7 . while (it.hasNext()) { %> 

8 . <%= it .next () %> 

9. <br> 

10 . <% } %> 

11. </bodyX/html> 


Which types of code are used in this JSP? (Choose all that apply.) 


□ A. EL 

B. directive 
ill C. expression 
5^ D. template text 
^ E. scriptlet 


— y\o EL *m this JSP- 

Thcvc s d div-cdtivc ov\ Imc I, 
C%Pv*cssio^s oy \ Imcs a 灼 d 

template it%i all ovcv (like Imc 2.), 
and o? bourse sdv-iftmj elemeyrb. 


%> 


Which statements about jsplnit () are true? (Choose all that apply.) 
^ A. It has access to a ServletConfig. 

B. It has access to a ServletContext. 

MC. It is only called once. 

1^^ D. It can be overridden. 


gsp vi.0 试出 on lial) 
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Which types of objects are available to the jsplnit () method? 
(Choose all that apply.) 


(JSP vZO 


^ A 

Servle tConfig 

3 B. 

Servle tContext 

□ G. 

JspServle tConfig 

□ D. 

JspServletContext 

□ E. 

HttpServletRequest 

□ F. 

HttpServletResponse 


—JSPs *tu\rh m*fco pla*m old ^ 

have addcss -bo the pla'm old Scv-vIctCo^-rij 
a 灼 d Scv-vlc*tCohtc%*t objc 今 … rt s 
vust a little ca^rly *m the to be 

-talki^ about requests and v-cspo^scs. 


se 出 0 灼 " 丄 1) 



Given: 


(JSP vi.0 1 - 竹 


<%@ page isELIgnored=' , true /, %> 


What is the effect? (Choose all that apply.) 


□ A. 

□ B. 

□ G. 
^ D. 


Nothing, this page directive is NOT defined. 

The directive turns off the evaluation of Expression Language code 
by the JSP container in all of the web application’s JSPs. 

The JSP containing this directive should be treated by the JSP 
container as a well-formed XML file. 

The JSP containing this directive should NOT have any Expression 
Language code evaluated by the JSP container. 


口 E. This page directive will only turn off EL evaluation if the DD 

declares a <el-ignored>true</el-ignored 〉 element with a 
URL pattern that includes this JSP. 


-Oftioh B is *mdov-\rcd*t 
because the div-c^tivc 

OY\ |y the 

JSP. 


7 


Which statement concerning JSPs is true? (Choose one.) 

□ A. Only j splnit () can be overridden. 

Q B. Only jspDestroy () can be overridden. 

Q G. Only _jspService () can be overridden. 

D. Both j splnit () and jspDestroy () can be overridden. 

口 E. j splnit (), j spDestroy (), and _ j spService () can all be 

overridden. 


(JSP vZO 


sett ⑽") 


-Rcmcmbcv the \AV\dt>rsCort 
is youv dluC 3 method 
be ovcv-v-iddc^* 
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Which JSP lifecycle step is out of order? (v)SP "） 

□ A. Translate the JSP into a servlet. 

Q B. Compile servlet source code. 

0fc. Call _j spService () 一 The \spScwidc method 

□ D. Instantiate the servlet class, be called bc-fovc 

口 E. Call jsplnit () 

□ F. Call jspDestroy () 


Which are valid JSP implicit variables? (Choose all that apply.) 

Q A. stream 
LL B. context 
E) G. exception 
口 D. listener 
^ E. application 


—Options ^>) P 

do^*t cWisi ds imflid'rt 
ok\c^*b dv-catcd by the 
do^*ba*mcv- -fov- JSrs. 


(JSP sc 




Given a request with two parameters: one named “first” represents a user’s 
first name and another named “last” represents his last name. 


(JSP A.0 1 -今 1) 


Which JSP scriptlet code outputs these parameter values? 


^ A. <% 


out.println(request.getParameter(''first")); 
out. println (request. getParameter (''last")); 


%> 


A uses i\\t w ou*t ，； 

imflidrt object i*U 
method- 


□ B. 


<% out. println (application. getl nit Parameter (''first")); 

out .println (application. getlnitParame ter (''last A, )) ; %> 


□ G. 

□ D. 


<% 


<% 


println (request. getParameter (''first")) ; -.Options C a^d P avc 

println (request. getParameter (''last”)) / %> •the w out" object 


println (application. getlnitParameter (''first")); 
println (application. ge tlnitParame ter (''last")) ; %> 
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mock answers 


Given: (JSP ^2-0 

11 . Hello ${user.name}! 

12 . Your number is <c : out value=^${user.phone } "/ >. 

13 . Your address is <j sp : getProperty name="user" property="addr" /> 

14 . <% if (user.isValid() ) {%>You are valid !<% } %> 


Which statements are true? (Choose all that apply.) 

aT A. Lines 11 and 12 (and no others) contain examples of EL elements. 




B. Line 14 is an example of scriptlet code. 


□ G. 

□ D. 

□ E. 
^ F. 


None of the lines in this example contain template text. 


Lines 12 and 13 include examples of JSP standard actions. 
Line 11 demonstrates an invalid use of EL. 

All four lines in this example would be valid in a JSP page. 


一 C B all 

dr Imes mdlude W 如仫此 

-Of*tioh P is because 

Ime IZ docs mdude d JSP 


-Optioh E is ihdo\r\rcd*t 
because the EL ih lihC 
II is valid. 


(JSP 及 0 I 一 


. Which JSP expression tag will print the context initialization parameter named “javax. 

U sql.DataSource ”？ 

Q A. <%= application. getAttribute (''javax. sql. DataSource^) %> 

B. <%= application. getlnitParameter (''javax • sql. DataSource^) %> 


Q C. <%= request. getParameter ('' javax. sql.DataSource^) %> 
Q D. <%= contextParam. get (''javax. sql. DataSource^) %> 


?> shows the 
dov-v-c^*t use o-f the 

ob\C 乙 t 



Which statements about disabling scripting elements are true? 
(Choose all that apply.) 


Q A. You can’t disable scripting via the DD. 

Q B. You can only disable scripting at the application level. 


□ G. 

^ D. 


You can disable scripting programmatically by using the 
isScriptingEnabled page directive attribute. 

You can disable scripting via the DD by using the 

<s crip ting-invalid 〉 element. 




-You tay\ Ohly disable 

elements *thv-OUjh the PI). The 

<isp-pvopev-ty-jv-ou^ elemc 灼七 
allots you bo disable Sd\rift'm5 
•m selective JSPs by 
URL -fco be disabled- 
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In sequence, what are the Java types of the following JSP implicit objects: 


14 application, out, request, response, session? 

Q A. java.lang.Throwable 
java.lang.Obj ect 
java.util.Map 
java.util.Set 
java.util.List 

Q B. javax. servlet. ServletConfig 
java.lang.Throwable 
java.lang.Obj ect 
javax.servlet.jsp.PageContext 
java.util.Map 

G. javax.servlet.ServletContext 
javax.servlet.jsp.JspWriter 
j avax.servlet.ServletRequest 
j avax.servlet.ServletResponse 
j avax.servlet.http.HttpSession 

Q D. javax.servlet.ServletContext 
java.io.PrintWriter 
j avax. servlet. ServletConfig 
java.lang.Exception 
j avax.servlet.RequestDispatcher 


(jsp 似 1 一今 1) 




C shows 

Java o( cadh 
imflidi-t object 


15 


Which is an example of the syntax used to import a class in a JSP? 


Tjsp 似 1 一竹) 


Q A. <% page import= A, java.util.Date^ %> 

□ B. 

cf G. 

□ D. 

□ E. 


<%@ page import="java.util.Date" @%> 
<%@ page import=^ j ava. util. Date A, %> 
<% import j ava.util.Date; %> 

<%@ import file= A, java.util.Date^ %> 


16 


Given the JSP: 

1. <%@ page isELIgnored="true n %> 

2 . <%@ taglib uri="http : //java.sun.com/jsp/jstl/core" 
prefix= M c" %> 

3. <c : set var="awesomeBand" value="LIMOZEEN "/ > 

4. ${awesomeBand} 

What will be the output? 

^ A. ${awesomeBand} 

□ B. LIMOZEEN 

Q C. No output 

Q D. An exception will be thrown because all taglib directives must precede 
any page directives. 


-Option A f P arc mvalid bedausc 
o^lv Java may be 

'm^luded Y/rtlVm <% … /o> 匕护 . 

-Option C is *thc only example 七 

shows CoY>rtc{, syw*ta 乂 . 

-Option E is ihvalid because ihcv-c is 
ho ir»\po\rt di\rcdtivc. 

(JSP ^ sc6W l lo l) 


- Of 七 ior> A c%pvcssior> is \o/r\ortd 

3 灼 d passed vcvbatiw'- 
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8 scriptless 


Script-free pages 



Lose the scripting. Do your web page designers really have to know 
Java? Is that fair? Do they expect server-side Java programmers to be, say, 
graphic designers? And even if it’s just you on the team, do you really want a 
pile of bits and pieces of Java code in your JSPs? Can you say, “maintenance 
nightmare”? Writing scriptless pages is not just possible, it’s become much easier 
and more flexible with the new JSP 2.0 spec, thanks to the new Expression 
Language (EL). Patterned after JavaScript and XPath, web designers feel right at 
home with EL, and you’ll like it too (once you get used to it). But there are some 
traps... EL looks like Java, but isn’t. Sometimes EL behaves differently than if you 
used the same syntax in Java, so pay attention! 


this is a new chapter 
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official Sun exam objectives 


O^ncrwn% 

- 一 


Building JSP pages using the Expression Coverage Notes: 

Language (EL) and Standard Actions 

All of the objectives in this section are covered 
completely in this chapter. And it’s a big one. 

7.1 Write a code snippet using top-level variables in the Take your time in this chapter ； there’s a lot of 

EL. This includes the following implicit variables: picky details to go through. 

pageScope, requestScope, sessionScope, and 

applicationScope; pa ram and paramValues; header 
and headerValues; cookies; and initParam. 

7.2 Write a code snippet using the following EL operators: 
property access (the . operator), collection access (the 
[] operator). 

7-3 Write a code snippet using the following EL operators: 
aritmetic operators, relational operators, and logical 
operators. 

7.4 For EL functions: Write a code snippet using an EL 
function; identify or create the TLD file structure used 
to declare an EL function; and identify or create a code 
example to define an EL function. 

8.1 Given a design goal, create a code snippet using the 
following standard actions: jsp:useBean (with attributes: 

‘id’, ‘scope’, ‘type’，and ‘class’) ， jsp:getProperty, and jsp: 
setProperty (with all attribute combinations). 

8.2 Given a design goal, create a code snippet using the 
following standard actions: jsp:include, jsp:forward, and 
jsp:param. 


6.7 Given a specific design goal for including a JSP 

segment in another page, write the JSP code that uses 
the most appropriate inclusion mechanism (the include 
directive or the <jsp:include> standard action). 


In this chapter, we cover BOTH include 
mechanisms: <jsp:include> from objective 8.2, and 
the include page directive from objective 6.7 (most 
of the objectives in section 6 were covered in the 
previous chapter on JSPs)• 
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scriptless JSPs 


Our MVC app depends oh attributes 


Remember in the original MVC beer app, the Servlet controller 
talked to the model (Java class with business logic), then set an 
attribute in the request scope before forwarding to the JSP view. 

The JSP had to get the attribute from the request scope, and use 
it to render a response to send back to the client. Here’s a quick, 
simplified look at how the attribute goes from controller to view 
(just imagine the servlet talks to the model): 

Servlet (controller) code 

public void doPost(HttpServletRequest request, HttpServletResponse response) 


throws 工 OException, ServletException { 





String name 二 request. getParameter (''userName^); 

request. setAttribute (''name", name); 


RequestDispatcher view = request.getRequestDispatcher('Vresult.j sp^); 
view.forward(request A response); 



JSP (view) code 



<htmlxbody> 

Hello 

<%= request .getAttribute (''name^) %> 

</body></html> 



Hello Paul 
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non-String attributes 


Put what if the attribute is wot a 
String, but an mstawee of Person? 

And not just a Person, but a Person with a “name” property. 
We’re using the term “property” in the non-enterprise 
JavaBean* way — the Person class has a getName() and 
setName() method pair, which in the JavaBean spec means 
Person has a property called “name”. Don’t forget that the 
“name” property means a change in case for the first letter, 
“n”. In other words, the name of the property is what you get 
when you strip off the prefix “get” and “set”，and make the 
first character after that lower case. So, getName/setName 
becomes name. 


A 一 ％ 

foo.Person 

public String getNameQ 
public void setName(String) 




Servlet code 


public void doPost(HttpServletRequest request, HttpServletResponse response) 

throws 工 OException, ServletException { 


foo.Person p = new foo.Person(); 
p • setName (''Evan"); 

request. setAttribute (''person", p); 

RequestDispatcher view = request.getRequestDispatcher(''result.j sp^); 
view.forward(request f response); 


JSP code 

<htmlxbody> 

Person is : <%= 

</body></html> 




yt 脚 


V 




? 


What we WANT: 





• - • ' http://localhost:8080/testJSP1/Tester.do 






What we GOT: 





• * http://localhost:8080/testJSP1/Tester.do 




Person is: foo.Person@512d66 


超3總 


*We'll talk about JavaBeans in a few pages, but for now, just know that it’s a plain 
old Java class that has getters and setters that follow a naming convention. 
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scriptless JSPs 


Wc need more code to get the Person's name 


Sending the result of getAttribute() to print/write statement doesn’t give us 
what we want — it just runs the object’s toString() method. And since class 
Person doesn’t override its inherited Object.toString(), well, you know what 
happens. But we want to print the Person’s name. 

JSP code 

<htmlxbody> 

<% foo.Person p = (foo.Person) request.getAttribute (''person^) ; %> 
Person is: <%= p.getName() %> 

</body></html> 



OR using an expression 

<htmlxbody> 

Person is: 

<%= ((foo. Person) request. getAttribute (''person^)) . getName () %> 

</body></html> 


What we GOT; 



But then we remember that MEMO... 


The one that can be summarized as 
“Use Scripting and Die" 


We need a different approach. 
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JavaBean standard actions 


Pcrsow is a JavaPea^ so well use the 
bean-related standard actions 


With a couple of standard actions, we can eliminate all the scripting 
code in our JSP (remember: scripting code includes declarations, 
scriptlets, and expressions) and still print out the value of the person 
attribute’s name property. Don’t forget that name is not an attribute — 
only the person object is an attribute. The name property is simply the 
thing returned from a Person’s getNameQ method. 



Without standard actions (using scripting) 

<htmlxbody> 


<% foo.Person p = (foo.Person) request.getAttribute (''person^) ; %> 
Person is: <%= p.getName() %> 

</body></html> 



With standard actions (no scripting) 


<htmlxbody> 

<j sp : useBean id="person" class="foo•Person" scope="request" /> 

Person created by servlet : <j sp:getProperty name="person" property="name" 

</body></html> 
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scriptless JSPs 


pGcowstructmg <jsp:usePean> and <jsp:gGtPropGrty> 

All we really wanted was the functionality of <jsp : getProperty> because we wanted only to 
display the value of the person’s “name” property. But how does the Container know what 
“person” means? If we had only the <jsp:getProperty> tag in the JSP, it’s almost like using 
an undeclared variable — the name “person”. The Container usually has no idea what you’re 
talking about, unless you FIRST put a <jsp:useBean> into the page. The <jsp:useBean> is a 
way of declaring and initializing the actual bean object you’re using in <jsp:getProperty>. 


Declare and initialize a bean attribute with 


<jsp:useBean> 


<jsp:useBean id="person" class="foo•Person" scope="request" /> 


二 ) 


/ I 

ldcy\-ii-(-ies -the , . » _ 

sa.d- 


IdMcs -the a^Hbu-te 


Get a bean attribute’s property value with 


<jsp:getProperty> 


< j sp : ge tProperty name=’’person" property=’’name" /> 



Idchti-Pics the adiual beah 
♦ 纴 . This will r^a-Uh 
the U id^ value -f\rorw -the 
<jsp ： uscBcah> -bg. 


- 

口丄 . “一伽 s) . 

• - * W ， VV0 V ^V>as 

> do 


Note- tWis _ 
do 

part 
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<jsp:useBean> 


<jsp:usePean> can also CREATE a bean! 

If the <jsp:useBean> can’t find an attribute object named “person ”， 
it can make one! It’s kind of the way request.getSession() (or 
getSession(true)) works — it first searches for an existing thing, but if it 
doesn’t find one, it creates one. 


Look at the code from the generated servlet, and you’ll see what’s 
happening — there’s an if test in there! It checks for a bean based on the 
values of id and scope in the tag, and if it doesn’t get one, it makes 
an instance of the class specified in class, assigns the object to the id 
variable, then sets it as an attribute in the scope you defined in the tag. 


This tag 

<jsp:useBean id="person" class="foo•Person" scope="request" /> 


Turns into this code 


in 


synchronized (request) 


the JspService() method 

〆 petWe a va^aWe base< J or> 

vahaWc Wat If 0 if ^ 肅、 此 


r4 


•m 


person = (foo.Person)_j spx_page_context.getAttribute(''person^, PageContext.REQUEST_SCOPE) 


if (person == null){ 




person = new foo.Person(); 


h5rhC ^ ihai s^opc... 
Make oy\c, 抑吵 


bo \d vahaWe. 


_j spx_j>age_context. setAttribute (''person’’ ， person , PageContext. REQUEST 一 SCOPE); 

" \ " 

Finally, set the new objed: as an 
aitv-ibuic ai 七 he sdopc you dc-f mcd- 
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scriptless JSPs 


This could be a bad thing—I 
don't WANT to have a bean 
that doesn’t have its property 
values set! If the Container 
makes a bean using that tag, the 
bean won’t have property 
values... 



You caw use <jsp:SGtPropcrty> 


But you already knew that where there’s a get there’s usually a set. 
The <jsp : setProperty> tag is the third and final bean standard 
action. It’s simple to use: 


< j sp : useBean id=’’person’’ class=’’foo • Person’’ scope="request’’ / > 

<j sp : setProperty name="person" property="name" value="Fred" 


Thafs worse! NOW it 
means that if the bean already 
existed, my JSP will reset the existing 
bean's property value! I want to 
set the property on only the 
^NEW beans... 

o v 


o 



/> 
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<jsp:useBean> with a body 


<jsp:usePean> can have a body! 

If you put your setter code (<jsp:setProperty>) inside the 
body of <jsp:useBean>, the property setting is conditional! 

In other words, the property values will be set only if a 
new bean is created. If an existing bean with that scope and 
id are found, the body of the tag will never run, so the 
property won’t be reset from your JSP code. 


With a <jsp:useBean > body 

have code that runs 
conditionally... ONLY if the 

be f n attribute can't be found 
and a new bean is created. 





s V \0 


s\aA! 


< jsp : useBean id=’’person" class=’’foo . Person" scope=’’page" ” > 

TWs ^ feodT 

<j sp:setProperty name="person" property="name" value="Fred" / > 


</jsp:useBean > 


6 \ose ^ 






o ： 

Why didn’t they just let you specify arguments 
to the constructor of the bean? Why do you have to go 
through the extra trouble of setting values anyway? 


A I 

The simple answer is this: beans can’t HAVE con¬ 
structors with arguments! Well, as a Java class, they can, 
but when an object is going to be treated as a bean. Bean 
Law states that ONLY the bean’s public, no-arg construc¬ 
tor will be called. End of story. In fact if you do NOT have 
a public no-arg constructor in your bean class, this whole 
thing will fail anyway. 




What the heck is Bean Law? 


A • 

The law according to the creakingly-ancient 
JavaBeans specification. We’re talking JavaBeans — NOT 
Enterprise JavaBeans (EJB) which is completely unrelated. 
(Go figure.)The plain old non-enterprise JavaBeans spec 
defines what it takes for a class to be a JavaBean. Although 
the spec actually gets pretty complex, the only things you 
need to know for using beans with JSP and servlets are 


these few rules (we’re showing only those that apply to 
what we’re doing with servlets and JSPs): 

1) You MUST have a public, no-arg constructor. 

2) You MUST name your public getter and setter methods 
starting with "get” (or "is”, for a boolean) and "set”，followed 
by the same word. (getFooO, setFooO). The property name 
is derived from stripping off the "get" and "set", and chang¬ 
ing the first character of what’s left to lowercase. 

3) The setter argument type and the getter return type 
MUST be identical. This defines the property type. 

int getFooO void setFoo(/nf foo) 

4) The property name and type are derived from the get¬ 
ters and setters and NOT from a member in the class. For 
example, just because you have a private int foo variable 
does NOT mean a thing in terms of properties. You can 
name your variables whatever you like. The "foo" property 
name comes from the methods. In other words, you have a 
property simply because you have a getter and setter. How 
you implement them is up to you. 

5) For use with JSPs, the property type SHOULD be a type 
that is either a String or a primitive. If it isn’t, it can still be a 
legal bean, but you won’t be able to rely only on standard 
actions, and you might have to use scripting. 
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&GwcratGd servlet when <jsp:usePean> has a body 

It’s simple. The Container puts the extra property-setting code inside the if test. 


Code in JspService() WITH the <jsp:useBean> body 

〆 Dcdlav-c -the vav-iablc. 


person = (foo. Person) j spx page context • getAttribute (''person’’ ， PageContext. PAGE SCOPE); 


foo.Person person = null; 


if (person —— null){ 

person = new foo.Person(); 


a hew ihs-bh^. , 七 bcah object b> 

"the sycM\cd sdopc. 


j spx page context.setAttribute(''person^, person, PageContext.PAGE SCOPE); 


org.apache.jasper.runtime.JspRuntimeLibrary.introspecthelper( 

_jspx_page_context.findAttribute (''person^) , ''name’’ ， ''Fred’’ ， null , null, false) 



Vou weire 

i)r)ai，s ^ this Code docs. it uscs . 

!3 
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polymorphic references 


Can you make polymorphic bean references? 

When you write a <jsp:useBean>, the class attribute determines the class of the new 
object (if one is created). It also determines the type of the reference variable used in 
the generated servlet. 


The way it is NOW in the JSP 


< j sp : useBean id= 〃 person 〃 class= 〃 foo. Person" 



scope=”page’’ / > 


But... what if we want the reference type to be different from the actual object type? We’ll 
change the Person class to make it abstract, and make a concrete subclass Employee. 
Imagine we want the reference type to be Person, and the new object type to be Employee. 
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scriptless JSPs 


Adding a type attribute to <jsp:usePean> 


a\)sbraci tlass 


With the changes we just made to the Person class, we’re in trouble if 
the attribute can’t be found: 

Our original JSP 

<j sp : useBean id= 〃 person 〃 class= 〃 foo•Person" scope= 〃 page〃/> 


Has this result 

java.lang.InstantiationException : foo.Person 


Because the Container tries to: 

new foo.Person() 





We need to make the reference variable type Person, and the object an instance 
of class Employee. Adding a type attribute to the tag lets us do that. 


Our new JSP with a type 

<j sp : useBean id=’’person" type="foo•Person" class="foo.Employee" scope="page"> 



Type can be a class type, abstract type, or an interface — anything that you 
can use as a declared reference type for the class type of the bean object. You 
can’t violate Java typing rules, of course. If the class type can’t be assigned to 
the reference type, you’re screwed. So that means the class must be a subclass 
or concrete implementation of the type. 
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type without class 


Usmg type without class 

What happens if we declare a type, but not a class? 
Does it matter if the type is abstract or concrete? 


JSP 




wo 


dass) jus-t ^2? 


<j sp : useBean id =, ’person" type="foo•Person" scope="page"/> 


Result if the person attribute already exists in “page” scope 

It works perfectly. 


Result if the person attribute does NOT exist in “page” scope 

java.lang.InstantiationException : bean person not found within scope 


If type is used without class, the bean must already exist 

If class is used (with or without type) the class must NOT 
be abstract, and must have a public no~arg constructor. 


o ： 

In your example, // foo.Person /, is 
an abstract type, so of COURSE it can't be 
instantiated. What if you change the type to 
"foo.Employee"? Will it use the type for both the 
reference AND the object type? 


A: 


NO! It never works. If the Container 


discovers that the bean doesn't exist, and it sees 


only a type attribute without a class, it knows that 
you’ve given it only HALF of what it needs — the 
reference type but not the object type. In other 
words, you haven’t told it what to make a new 
instance of! 


There is no fallback rule that says, "If you can’t find 
the object, go ahead and use the type for BOTH 
the reference and the object.” No, that is NOT how 
it works. 

Bottom line: if you use type without class, you 
better make CERTAIN that the bean is already 
stored as an attribute, at the scope and with 
the id you put in the tag. 
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The scope attribute defaults to "page" 

If you don’t specify a scope in either the <jsp:useBean> or <jsp : getProperty> tags, 
the Container uses the default of “page”. 

This 

<j sp : useBean id= 〃 person 〃 class= 〃 foo•Employee” scope= 〃 page〃/> 

Is the same as this 

< j sp : useBean id=’’person’’ class="foo • Employee "/〉 


with class! 


Don’t confuse type 


Check out this code: " fPerson "/> 

< jsP :useBean ifperson" type=^foo .Employee 

Be prepared to recognize mt this wil, NEVER work! Youl, get a b/g fa ^： 

class for JSP 

foo. Person is aiost-rdUL, 

person = new foo. Person (), 


Be SURE that you remember: 


type == reforence type 
class == object type 


Or to put it another way: 

—te) 

type x = new classf) 

.,.m i H — r i ass is always a class while type doesn ! t have to 
Now, you 1 re probably thin mg , ⑴ URSE they used “class” to represent things that mus 
be — type can be an interface. So of COURSE y 喻伽郎 as welL ” And you ’d be _t 

ALWAYS be a class, and li type for in ^ S yTHING jn the spec has the most intuitive and 

But you^re also thinking “Of course ， ; 0 二 _ securjty <auth -constraint>)^he name of ^ 
obvious name, so I better be sure class，and type is … type. 

mg is the opposite of what it actually is. But ,n this case, 
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bean-related standard actions exercise 



BE die Container 


Ms 


Look at this standard action: 


abs*tv-ad*t dlass 



Person 


String getNamef) 
void setName(String) 


Employee 

intgetEmpIDf) 
void setEmplD(int) 


~ 8 


< j sp : useBean id=’’person’’ type=’’foo . Employee’’ scope=’’request’’ > 
<j sp:setProperty name= 〃 person 〃 property= 〃 name 〃 value= 〃 Fred" 
</j sp : useBean > 

Name is: < j sp : getProperty name=’’person’’ property=’’name’’ /> 

Now imagine that a servlet does some work and then forwards 
the request to the JSP that has the code above. 

Figure out what the JSP code above would do for each of the 
three different servlet code examples. (The answers are at the 
end of the chapter.) 


① What happens if the servlet code looks like: 

foo.Person p = new foo.Employee(); 
p • setName (''Evan"); 

request. setAttribute (''person", p); 



(Both dldsses av-c 


( 2 ) What happens if the servlet code looks like: 

f00.Person p = new foo.Person(); 
p • setName (''Evan"); 

request. setAttribute (''person", p); 
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I just thought of something... 
suppose we aren’t using a servlet 
controller, and the HTML form 
action goes straight to the JSP... is 
there a way I can use the request 
parameters to set a bean property, 
WITHOUT using scripting? 


&omg straight from the request 
to the JSP without going through 
a servlet... 


Imagine this is our form: 

<htmlxbody> 






<form action='、TestBean • jsp"> 

name : <input type=' 、 text 〃 name=' 、 userName〃> 
ID#: <input type=' 、 text 〃 name=' 、 userID〃> 
<input type= 〃 submit〃> 

</form> 


</body></html> 



JSP. 


We know we can do it with a combination of standard actions and scripting: 

< j sp : useBean id=' 、 person’’ type='、foo • Person’’ class='、foo • Employee ’’/〉 

<% person. setName (request, get Parameter (''userName^) ) ; %> 


We can even do it with scripting INSIDE a standard action: 

<j sp : useBean id=' 、 person 〃 type=''foo . Person^ class='、foo • Employee〃> 


< j sp : setProperty name=' 、 person" property:''name" 

value=''<%= request.getParameter (''userName' 

</j sp:useBean> 


%>' 


❹啦 Uk b 从 


/> 
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using param 


The param attribute to the rescue 

It’s so simple. You can send a request parameter straight into a bean, without 
scripting, using the param attribute. 


The param attribute lets you set the value of a 
bean property to the value of a request parameter. 
JUST by naming the request parameter! 


Inside TestBean.jsp 

<j sp : useBean id= 〃 person 〃 type= 〃 foo•Person 〃 class= 〃 foo•Employee〃> 

< j sp : setProperty name="person" property=’’name" param="userName" / > 
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Put wait! It gets gvgw better... 

And all you have to do is make sure your form input field name (which becomes 
the request parameter name) is the same as the property name in your bean. Then 
in the <jsp:setProperty> tag, you don’t have to specify the par am attribute. If you 
name the property but don’t specify a value oy param, you’re telling the Container to 
get the value from a request parameter with a matching name. 


If we change the HTML so that the input field 
name matches the property name: 



We get to do THIS 


<j sp : useBean id= 〃 person 〃 type= 〃 foo•Person” class= 〃 foo•Employee〃> 
<j sp : setProperty name= 〃 person 〃 property= 〃 name 〃 / > 

</j sp:useBean> 

Wc ANY vaWd 


If the request parameter name matches the bean 
property name ，you don’t need to specify a value 
in the <jsp:setProperty> tag for that property. 
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properties and request parameters 


If you caw stand it it gets even PETTER." 

Watch what happens if you make ALL the request parameter names match 
the bean property names. The person bean (which is an instance of foo. 
Employee) actually has two properties — name and empID. 



<j sp : useBean id= 〃 person 〃 type= 〃 foo•Person 〃 class= 〃 foo•Employee〃> 
<j sp : setProperty name="person" property="*" / > 
</jsp:useBean> \ 




I want you to iterate 
through the request parameters, 
and find any that match this bean's 
property names, and set the VALUE of 
the matching properties equal to the 
value of the corresponding request 
parameter... 


O 

o 



JSP 


Oh sure... make ME do all 
the work. I have to look at 
the bean class getters and 
setters to figure out the bean 
properties, then match that to 
the parameter names... 



I J 


Container 
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scriptless JSPs 


Peaw tags convert primitive 
properties automatically 

If you’re familiar with JavaBeans from any earlier lifetime, 
this is no surprise to you. JavaBean properties can be anything, 
but if they’re Strings or primitives, all the coercing is done 
for you. 


abstract foo.Person 


String getName() 
void setName(String) 




That’s right — you don’t have to do the parsing and 
conversion yourself 

If we make the type Employee 
(instead of Person) 

<htmlxbody> 



foo.Employee 

int getEmpIDf) 
void setEmplD(int) 


< j sp : useBean id=’’person" type="foo • Employee" class=’’foo • Employee" > 
< j sp : setProperty name=’’person’’ property=’’*’’ / > 

</j sp:useBean> 


Person is: <j sp : getProperty name= 〃 person 〃 property= 〃 name 〃 / > 
ID is: <j sp : getProperty name="person" property="empID" / > 


</body></html> 




■t a" works 


http://localhost:8080/testJSP1/TestBean.jsp 


name: Kathy ID#: 343 广 Submit 


At 




http://localhost:8080/testJSP1/TestBean.jsp 


Person is: Kathy ID is: 343 之 


^ 从 :: 二 S。. 


The <jsp : setProperty> action 
takes ^ie String request 
parameter, converts it to an int, 
and passes bean’s 

setter method for 也 at property. 
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primitive conversion 


^tJierei£ireaiP 

Dumb Questions 

o ： 

OK, I’m thinking that the Container code is doing 
some kind of lnteger.parselnt("343〃)，so wouldn't you 
get a NumberFormatException if the user doesn’t type in 
something that can be parsed to an int? Like, what if the 
user types "three” in the employee ID field? 

A • 

XX Good catch. Yes, something will definitely go wrong 
if the request parameter for the empID property can’t be 
parsed into an int. You need to validate the contents of 
that field, to make sure it contains only numeric characters. 
You could send the form data to a servlet first, instead of 
sending it straight to the JSP. But if you're committed to 
going from the form straight to the JSP, and you don't want 
scripting, just use JavaScript in the HTML form to check the 
field before sending the request. If you’re not familiar with 
JavaScript (which of course has virtually NOTHING to do 
with Java), it's a simple scripting language that's processed 
on the client side. In other words, by the browser. A quick 
Google search on "JavaScript validate input field” should 
turn up some scripts you can use to stop users from enter¬ 
ing, say, anything but numbers into an input field. 


o ： 

If a bean property doesn’t have to be a String or 
a primitive, then HOW can you set the property with¬ 
out scripting? The value attribute of the tag is always a 
String, right? 


It is possible (but potentially a *lot* of extra work) to 
create a special class, called a custom property editor, that 
supports the bean. It takes your String value and figures 
out how to parse that into something that can be used to 
set a more complex type. This is part of the JavaBeans spec, 
though, not the JSP spec. Also, if the value attribute in the 
<jsp:setProperty> tag is an expression rather than a String 
literal, then IF that expression evaluates to an object that’s 
compatible with bean property type, then it will probably 
work. If you pass in an expression that evaluates to a Dog, 
for example, the Person bean’s setDog(Dog) method will 
be called. But think about it — this means the Dog object 
must already exist. Anyway, you’re way better off NOT try¬ 
ing to construct new things in your JSP! Trying to get away 
with constructing and setting even marginally complex 
data types is gonna be tough without scripting. (And none 
of that is on the exam). 



Automatic String-to-primitive conversion does NOT work if you use 
scripting!! It fails even if an expression is INSIDE the <jsp:setProperty> tag. 


If you use the <jsp:setProperty> standard action tag with the property wildcard, OR just a property name without a 
value or param attribute (which means the property name matches the request parameter name), OR you use a 
param attribute to indicate the request parameter whose value should be assigned to the bean’s property, OR you 
type a literal value, the automatic conversion from String to int works. Each of these examples converts automatically: 


< jsp : setProperty 

name= 

’’person” 

property= 

n n / > 



TV^csc all ^ 0 ^ 1 - 

<jsp : setProperty 

name: 

’’person” 

property= 

’’empID’’ 

/> 


<jsp : setProperty 

name: 

’’person” 

property= 

’’empID” 

value= 

"343" /> ' 


<jsp : setProperty 

name= 

’’person” 

property= 

’’empID” 

param =, 

"empID” /> 

/ TKis docs NOT y/ovkf 

BUT... if you use scripting, the automatic conversion does NOT work: 




<jsp: setProperty name=’’person’’ property=’’empID’’ value=’’<%= request .getParameter ( 、 'empID’’）％>"/> 
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scriptless JSPs 


Whew! I am just SO 
relieved at how much easier 
it is to use those tags instead 
of scripting. The benefits to me 
are staggeringly obvious. 




The bean standard action tags are more natural to a non-programmer. 

Once again, the benefit of using tags over scripting is more about the web page designers than 
about j ⑽ (the Java programmer). Although even Java programmers find that tags are easier to 
maintain than hard-coded Java scripting elements. With the bean-related tags, the designer 
needs only the basic identification info (attribute name, scope, and property name). True, they 
do have to know the fully-qualified class name, but as far as the web page designer knows — it’s 
just a name with dots (.) in it. The web designer doesn’t need any knowledge of what’s really 
behind it, and they can think of beans as simply records with fields. You tell the designers the 
record (the class and the identifier) and the fields (the properties). 

Still, the bean standard actions aren’t as elegant as they could be. 

And that’s why this isn’t the end of the story on scriptless pages. Read on... 


you are here ► 365 





object properties 


Put what if the property is something 
OTHER thaw a String or primitive? 

We know how easy it is to print an attribute when the attribute itself 
is a String. Then we made an attribute that was a non-String object 
(a Person bean instance). But we didn’t want to print the attribute 
(person) — we wanted to print a property of the attribute (in our 
example, the person’s name and empID). That worked fine, because the 
standard actions can handle String and primitive properties. So, we 
know that standard actions can deal with an attribute of any type, as 
long as all the attribute’s properties are Strings or primitives. 

But what if they’re not? What if the bean has a property that is not a 
String or primitive? What if the property is yet another Object type? An 
Object type with properties of its own? 

What if ivhat voe really ivant is to print a property of that property 

Person has a String “name” property. 

Person has a Dog M dog” property. 

Dog has a String “name” property. 


d,ass ,h ^IS example. 


foo.Person 


jublic String getNameO 

public void setName(Stnng) 




foo.Dog 

public String getName() 
public void setName(String) 


What if we want to print the name of the Person’s dog? 


Servlet code 


public void doPost(HttpServletRequest request, 

throws 


HttpServletResponse response) 

工 OException, ServletException { 


foo.Person p = new foo.Person() 
p • setName (''Evan ”）； 

foo.Dog dog = new foo.DogO ; 
dog • setName ('' Spike"); 
p•setDog(dog); 






\i a 


request. setAttribute (''person", p); 


RequestDispatcher view = request.getRequestDispatcher(''result.j sp^); 
view.forward(request, response); 
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Trying to display the property of the property 

We know we can do it with scripting, but can we do it with the bean standard actions? 

What happens if we put “dog” as the property in the <jsp:getProperty> tag? 

Without standard actions (using scripting) 

<htmlxbody> 

<%= ( (foo. Person) request. getAttribute (''person^)) . getDog () . getName () %> 


丁 Ws 一 — ％: 




>MC 






</body></html> 


With standard actions (no scripting) 


<htmlxbody> 


< j sp : useBean id=’’person’’ class=’’foo • Person’’ 
Dog's name is: < jsp : getProperty name="person 

</body></html> 


scope=^request^ / > 

property:"dog" /> 








What we WANT 

What we GOT 

- - ---- ■ 

• ' http://localhost:8080/testJSP1/Tester.do 

_ 

• - http://localhost:8080/testJSP1/Tester.do 

Dog’s name is: Spike 


Dog’s name is: foo.Dog@799338 

Allwe 3 oiwAe ， esul^ 

D。 3 s ^eihod 


You can’t say: property=“dog.name” 

There’s no combination of the bean standard actions that’ll work given the original 
servlet code, because the Dog is not an attribute! Dog is a property of the attribute, 
so you can display the Dog, but you can’t navigate to the name property of the Dog 
property of the Person attribute. 

The <jsp:getProperty> lets you access only the properties of the bean attribute. 
There’s no capability for nested properties, where you want a property of a property, 
rather than a property of the attribute. 
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EL to the rescue 


Expression Language (EL) saves the day! 

Yes, just in time to save us, the JSP Expression Language (EL) was 
added to the JSP 2.0 spec, releasing us from the tyranny of scripting. 

Look how beautifully simple our JSP is now... 


JSP code without scripting, using EL 

<htmlxbody> 

Dog's name is: $ {person. dog . name} 

</body></html> TW(s . s . t ,^ eve, de.Ue 

Y/V^a-b fcv-sov\ wea 怕…’七 七 一…三 




This: 

${person.dog.name} 


Replaces this: 

<%= ((foo. Person) request. getAttribute (''person^) ) . getDog () . getName () %> 



You don’t need to know 
EVERYTHING about EL. 

The exam doesn’t expect you to be a 
complete EL being. Everything you might typically use, 
or be tested on, is covered in the next few pages. So, if 
you want to study the EL spec, knock yourself out. Just 
so you're clear that WE didn’t tell you to do that. 
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scriptless JSPs 


pGcowstructmg the JSP Expression Language (EL) 

The syntax and range of the language are dirt simple. The tricky part is that some of 
EL looks like Java, but behaves differently. You’ll see when we get to the [] operator in a 
moment. So you’ll find things that wouldn’t work in Java but will work in EL, and vice- 
versa. Just don’t try to map Java language/syntax rules onto EL, and you’ll be fine. For 
the next few pages, think of EL as a way to access Java objects without using Java. 


EL expressions are ALWAYS within curly 
braces, and prefixed with the dollar sign 

${P erson.name} 


The first named variable 
； n t he expression .s either 
an object or an 

attribute. 


$ {firstThing. secondThing} 

EL IMPLICIT OBJECT ATTRIBUTE 


All 


/7>ageScope 
requestScope 
sessionScope 
applicationScope 

param 

param Values 


header 

headerValues 


n page scope 
n request scope 
n session scope 
n application scope 


，卞 the +，啩 i h £ 

^cssio, is a, sUhUU 

be -the of ah 

^ttir.buic sieved ih ahy of 

W available scopes 


c 


/ cookie 
V initParam 

pageContext ^ - - 

Note: BL ir»\plidi*t objects a\rc moi 七 he 
same ds 七 he implidi 七 objects available *to 
JSPs 


^ ^ —I 说吟也 0h | y 

pagcCoh-tcx-t is h o-t a H J S 
ah 3 ^ ua l -to -the 

P^9eCo，W (A，d he 
P 吵 CohW is a JavaBcah.) 


(Java \rcm*mdc\r ： d mdf is 
a 匕 ollcd*tio 灼 holds 

key/value paiv-s, like 
Hash-table ar\d ttash/l/lap.) 
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the dot operator in EL 


Usmg the dot (•) operator to access 
properties and map values 


The first variable is either an implicit object or an attribute, and the thing 
to the right of the dot is either a map key (if the first variable is a map) or a 
bean property if the first variable is an attribute that’s a JavaBean. 


① If the expression has a variable followed by a dot, 
the left-hand variable MUST be a Map or a bean. 

$ {person . name} 



额 en 也 e variable is on 
^ie left: side of ^ie dot, it's 
eidier a (soitieflung 
wiiii leys) or a bean 
(sometoig wi^i properties). 

TBs is true regardless 
of wiie^ier ^ie variable is 


② 


③ 


The thing to the right of the dot MUST be a 
Map key or a bean property. 


$ {person. name} 



And the thing on the right must follow 
normal Java naming rules for identifiers. 

$ {person . name} 


an iPiplicit object or an 
attribute. 

The pageContext implicit 
object is a bean — it tas 
getter ine^iods. All o^ier 
implicit objects are Maps. 

If 也 e object is a bean but 
ihe named property doesn't 

exist, ^ienan exception 

iS^iTown. 



Must start with a letter, or $. 


* After the first character, you can 
include numbers. 


Can’t be a Java keyword. 
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Thctl operator is like the dot owlyway better 

The dot operator works only when the thing on the right is a bean property or 
map key for the thing on the left. That’s it. But the [ ] operator is a lot more 
powerful and flexible... 


This: 


$ {person [ ''name"] } 


Is the same 
as this: 

$ {person. name} 


That doesn't look 
better. That just 
looks like more work, 
adding brackets and 
quotes... 


The simple dot operator version 
works because person is a bean, 
and name is a property of person. 

But what if person is an array? 

Or what if person is a List? 

Or what if name is something 
that can’t be expressed with the 
normal Java naming rules? 
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but the is better 


Thetl gives you more options... 

When you use the dot operator, the thing on the left can be only a Map or a bean, 
and the thing on the right must follow Java naming rules for identifiers. But with the 
]，the thing on the left can also be a List or an array (of any type). That also means 
the thing on the right can be a number, or anything that resolves to a number, or an 
identifier that doesn’t fit the Java naming rules. For example, you might have a Map 
key that’s a String with dots in the name (“com.foo.trouble”). 

① If the expression has a variable followed by a bracket [ ]，the 
left-hand variable can be a Map, a bean, a List, or an array. 

$ {mus±CluLst[^something^] } 



② If the thing inside the brackets is a String literal (i.e.，in 

quotes), it can be a Map key or a bean property，or an index 
into a List or array. 


$ {musicList[^ something^] } 
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scriptless JSPs 


Usmg thcH operator with aw array 


In a Servlet 

String [ ] favoriteMusic = {''Zero 7”，''Tahiti 80” ， ''BT〃，''Frou Frou’’}; 
request. set Attribute (''musicList^f avoriteMusic); 


In a JSP 

Music is: $ {musicList} 



e taW s 




arva'I* 


First song is: $ {musicList[0]} 




■" r - »：■ ■ ， http : //localhost : 8080/testJSP1 /Tester.do J 

First song is: Zero 7 


■ ■ 

Second song is: $ {musicList } 



This is a joke, right? Or 
else there's more than punch 
in this drink... I could SWEAR 
that those are quotes around 
the array index, and that's just 
not right, dude... 
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accessing lists and arrays 


A String index is cocrccd to aw iwt for arrays and Lists 

The EL for accessing an array is the same as the EL for accessing a List. 

Remember folks, this is NOT Java. In EL, the [ ] operator is NOT the array access 
operator. No, it’s just called the [ ] operator. (We swear, look it up in the spec — it has no 
name! Just the symbol [ ]. Like Prince, kind of.) If it DID have a name, it would be the 
array/List/Map/bean Property access operator. 


In a Servlet 

j ava.util.ArrayList favoriteFood = new java.util.ArrayList(); 
favorite Food. add (''chai ice cream ’’）； 
favoriteFood. add (''faj itas"); 
favoriteFood. add (''thai pizza ”）； 

favoriteFood • add (''anything in dark chocolate ’’）； 
request • setAttribute (''favoriteFood” ， favoriteFood); 


In a JSP 

Foods are ： ${ favoriteFood} 


OUouslv /WapUa … 以 祕伽 试 W). 


vv yv jTl 

4 ，> http://localhost:^ 


http://localhost:8080/testJSP1/Tester.do 



Foods are : [chai ice cream, faji- 

tas , thai pizza, anything in dark 


chocolate] 



If 也 e toig to ^ie left of 
丑 ie bracket is an array or 
a List, and ^ie index is a 
String literal, ^ie index is 

coerced to an int. 


First food is ${ favoriteFood[0]} 


This would NOT wor1^ : 


4 ，、 a http://k 


: //localhost:8080/testJSP1/Tester.do 






First food is chai ice cream 



Second food is ${ favoriteFood [ 、、 1" ] } 

* 1 1 } : c http://localhost:8080/testJSP1/Tester.do 


Second food is fajitas 


${favoriteFood[ 、、 one"] } 

Because “one” can't be 
tunned into an int. You’ll 
get an error if ^ie index 
can't be coerced. 
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Face the facts, dot-boy. 

I’m way cooler than you. Do 
you know what it says in the 
spec about you? It calls you M a 
convenience operator' That’s 
almost too cute. 



Oh come on, seriously, 
does ANYBODY use arrays 
anymore? Arrays and lists are 
so... 2003. Linear. Boring. 


O 

o 




The fact that you even 
used the word Hash table 
shows how up to date YOU are. 
They're, like, legacy code now. 
rm talking about Maps and 
JavaBeons. Thafs all anyone 
uses these days. 


O 

Q 



Have you actually checked the 
date on the JavaBeans spec 
lately? If that spec were milk, it 
would be some hideous creature 
from The X-Files by now... 
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[]and the dot 


For beans and Maps you can use either operator 


For JavaBeans and Maps, you can use either the [] operator or the convenient dot 
operator. Just think of map keys the same way you think of property names in a bean. 

You ask for the key or property name, and you get back the value of the key or property. 

In a SerWet 

j ava.util.Map musicMap = new j ava.util.HashMap(); 


musicMap • put (''Ambient", ''Zero 7 ’’）； 

musicMap • put (''Surf 〃，''Tahiti 80 〃）； 

musicMap • put ( 、 'DJ" , 、 'BT ’’）； 

musicMap .put (''Indie", ''Travis ’’）； 

request. setAttribute (''musicMap ^, musicMap); 



In a JSP 


Ambient is: $ {musicMap. Ambient} 



Ambient is: Zero 7 




cx.fv-css»oy\s use 

as 铷 e key a Ma? 
k a Ma?!). 


Ambient is: $ {musicMap [ ''Ambient" ] } 





Ambient is: Zero 


Ambient is: Zero 7 
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If ifs NOT a Striwg literal ifs evaluated 

If there are no quotes inside the brackets, the Container evaluates what’s 
inside the brackets by searching for an attribute bound under that name, 
and substitutes the value of the attribute. (If there is an implicit object 
with the same name, the implicit object will always be used.) 

Music is: ${musicMap [Ambient]} 

Find an attribute named 66 AmbienV\ 

Use the VALUE of that attribute as the key 
into the Map，or return null. 




In a servlet 

java.util.Map musicMap = new java.util.HashMap(); 

musicMap • put (''Ambient", ''Zero 7 ’’）； 

musicMap • put (''Surf 〃，''Tahiti 80 〃）； 

musicMap • put ( 、 'DJ" , 、 'BT ’’）； 

musicMap • put (''Indie", ''Frou Frou ’’）； 

request • setAttribute (''musicMap” ， musicMap); 


request. setAttribute (''Genre" , ''Ambient"); 



because there IS a request attribute named “Genre” with a 
value of “Ambient”，and “Ambient” is a key into musicMap. 


This does NOT work in a JSP (given the servlet code) 

^ „ doesiVt change 

Music is $ {musicMap [ Genre ] } - - - - - ^ 

because there IS no key in musicMap named “Genre”. 

With the quotes around it, the Container didn’t try to 
evaluate it and just assumed it was a literal key name. 


Music is $ {musicMap [''Genre” ] } 

少 

TW«s »s a val.d EL e 〒议十 W 七 
\i docs / 七 do 4a 七 ^ 
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You can use nested expressions 
inside the brackets 


It’s expressions all the way down in EL. You nest expressions 
to any arbitrary level. In other words, you can put a 
complex expression inside a complex expression inside a... 

(it keeps going). And the expressions are evaluated from the 
inner most brackets out. 

This part will seem completely intuitive to you, because it’s 
no different than nesting Java code within parens. The tricky 
part is to watch out for quotes vs. no quotes. 

In a servlet 

j ava.util.Map musicMap = new java.util.HashMap(); 
musicMap • put (''Ambient", ''Zero 7 ’’）； 
musicMap• put (''Surf’’，''Tahiti 80 ’’）； 
musicMap • put ( 、 'DJ" , 

musicMap• put (''Indie”，''Frou Frou ”）； 
request. setAttribute (''musicMap” ， musicMap); 

String [ ] musicTypes = {''Ambient’’ ， ''Surf", ''Indie’’}; 

request. setAttribute (''MusicType^, musicTypes); 


This DOES work in a JSP 


Music is $ {musicMap [MusicType [0] ] } 




Music is Zero 7 


Music is $ {musicMap [''Ambient" ] } 



Music is Zero 7 
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You caw't do $ {f oo . 1 } 

With beans and Maps, you can use the dot operator, but only if the 
thing you type after the dot is a legal Java identifer. 


This 

${mu si cMap• Ambient} 



Is the same as this 

$ {mu si cMap [''Ambient^] } 



But this 

$ {musicList [''1^] } 


CANNOT be turned into this 

${musicList.1} ho! 


If you wouldnH use it^for 

variable name y 

code, DON^T put .t after tn 
dot 


一 t^arpen your pencil 

■2X What I 


What prints? 

Given the servlet code below, figure out what would print (or if there’d be an error, 
just write, you know, “error”). Answers are at the bottom of the next page. 

j ava.util.ArrayList nums = new j ava.util.ArrayList(); 
nums . add ( 、 'l"); 
nums . add ( 、 '2"); 
nums . add (''3 ’’）； 

request. setAttribute (''numbers’’ ， nums); 

String [ ] favoriteMusic = {''Zero 7’’，''Tahiti 80", 、 'BT’’，''Frou Frou’’} 
request. setAttribute (''musicList", f avoriteMusic); 


(T) ${musicList[numbers[0]]} 


${musicList[numbers[0]+1]} 



(iVlcll talk move about EL 
opev-a-bov-s \ y \ a -few pajes.) 


$ {musicList [numbers [ 、 '2〃] ] } 


④ 


${musicList[numbers[numbers[1]]]} 
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Code Magnets 

Don’t be surprised if you find something like 
this on the exam (except in the real exam it’ll 
look... uglier). 

Study the three classes on the page, and 
the servlet code on the opposite page, then 
construct the code magnets to make the EL 
that’ll produce the response shown in the 
browser. (Turn the page for the answers, but 
not until you DO THIS, especially if you’re 
going to take the exam.) 


foo.Toy 

M 

package foo; 

- 

public class Toy { 


private String name; 


public void setName(String name) { 

this.name=name; 


) 

public String getName() { 


return name; 

} 

} 



foo. Person 

package foo; 
public class Person { 
private Dog dog; 
private String name; 
public void setDog(Dog dog) { 
this.dog=dog; 

} 

public Dog getDog() { 
return dog; 

} 

public void setName(String name) { 
this.name=name; 

} 

public String getName() { 
return name; 



— 


foo.Dog 

package foo; 
public class Dog { 

private String name; 

private Toy[] toys; 

public void setName(String name) { 
this.name=name; 

} 

public String getName() { 
return name; 

} 

public void setToys(Toy[] toys) { 
this.toys=toys; 

} 

public Toy[] getToys() { 
return toys; 



Answers to Sharpen on previous page: 1) Tahiti 80 2) BT 3) Frou Frou 4) Frou Frou 
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Servlet code 


Compose the EL for this output: 


foo.Person p = new foo.Person (); 

p . setName ( 、 'Leelu 〃）； 

foo.Dog d = new foo.Dog(); 

d. setName (''Clyde"); 

foo.Toy tl = new foo.Toy(); 

tl. setName (''stick"); 

foo.Toy t2 = new foo.Toy(); 

t2 • setName (''neighbor' s cat"); 

foo.Toy t3 = new foo.Toy(); 

t3 . setName (''Barbie™ doll head ”）； 

d.setToys(new foo•Toy[] {tl, t2, 13}); 

p.setDog(d); 

request. setAttribute (''person ^, p); 


‘ [c I ^ http://localhost:8080/testJ$P1/Tester.do 


Leelu^ s dog Clyde^ s toys are : stick, 
neighbor^ s cat, and a Barbie™ doll 
head 









and a 

1 



] doq j toys . 2 \ ~ name j 


33 
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exercise a/iswers 



Code Magnets 

Answers 


This is y\o{, OUL^/ v/ay *to p\rodudc *thc ou*tfu*t> bu 七 
its *thc only v/ay us*m^ -this sc*t o-f rwa^cts- Bo 灼 us 
C 乂 cv • 匕 isc: v/vi*tc *thc EL c>^p\rcssio^s d li*t*tlc di-f-fc\rc^*tly 
(-fov-jct *thc bu*t p\r*m*t *thc sd^e vcsult 


Servlet code 


Compose the EL for this output: 


foo.Person p = new foo.Employee(); 

p . setName (''Leelu ”）； 

foo.Dog d = new foo.Dog(); 

d. setName (''Clyde"); 

foo.Toy tl = new foo.Toy(); 

tl. setName (''stick"); 

foo.Toy t2 = new foo.Toy(); 

t2 . setName (''neighbor 7, s cat ”）； 

foo.Toy t3 = new foo.Toy(); 

t3 . setName (''Barbie™ doll head"); 

d.setToys(new foo•Toy[] {tl, t2, 13}); 

p.setDog(d); 

request. setAttribute (''person ^, p); 


㈣. 

4 j " http://localhc 


: //localhost:8080/testJSP1/Tester.do 


Leelu^ s dog Clyde^ s toys 
stick, neighbor^ s cat, and 
Barbie™ doll head 




「乂 _ j 

are : 
da 


${person.name} r s dog i ${person.dog.name} 



${person.dog.toys 
— 




${person.name} r s dog ${person.dog.name } r s toys are : ${person.dog.toys[0]. 
name}, ${person•dog•toys[1].name}, and a ${person.dog.toys[2].name} 


Q 3 ^ 

- -- 

$ {person. dog. toys [''name"] 

${person.dog.toys.name} 


toys [''name"] $ {person.dog. toys .name} 
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scriptless JSPs 


The Case of the Missing Content 


Documents-R-Us has created a content management 
system used primarily for creating tutorials for 
desktop applications. Part of the application allows 
content developers to create “Tip of the Day” chunks 
of content, which are stored in the request-scoped 


JVtysfery 



attribute currentTip. For example, if the tip was 
Wash your hair every other day,’’ then the screen 
would include a box like this: 


eno 


•^http://localhost:8080/testJSP1/Tester.do 


Tip of the Day: 

Wash your hair every other day. 


The JSP code for this tip box is: 

<div class='tipBox'> 

<b>Tip of the Day : </b> <br /> <br /> 
${pageContent.currentTip} 

</div> 


A new client is trying to create a tutorial using the 
system, but can’t seem to get the tips to display 
correctly. For example, the tip “<b></b> tags make 
things bold!” is rendered like this: 


I! : http : //localhost:8080/testJSP 1/Tester.do 

1. 1 

Tip of the Day: 

tags make things bold! 



“What gives?” exclaims Tawny, the client’s lead JSP developer. 
“Where did the beginning of the tip go? Why didn’t the bold 
tags get displayed?” She issues a bug report immediately to 
Documents-R-Us. 


What do you think? Did the bold tags get sent to the 
output stream? Why aren，t they being displayed? 
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raw html 


EL renders raw text iwcludmg HTML 


The mystery is solved when you look at 
the actual HTML that is generated... 


So, the “<b></b>” portion of the tip 
is being sent in the output stream, but 
the web browser is simply rendering it 
as raw HTML 一 by bolding an empty 
space on the page. 

So, of course the user does not see the 
“<b></b>” tags on the screen. 



The same is true for JSP expression tags 


<div class= * tipBox'> 

<b>Tip of the Day : </b> <br/> <br/> 
<%= pageContent.getCurrentTip() %>‘ 
</div> 


and for the jsp:getProperty standard action 


^a-tcvcv o/alua-bcs > 

as sWavd ttTMU so 

HTML avc 
dis^laYcd as 七《此 


\ ihih 3 Text |ik c <i></i> 




<div class= 1 tipBox'> 

<b>Tip of the Day : </b> <br/> <br/> 

<j sp : getProperty name= * pageContent' property: 
</div> 



currentTip' / > 
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FLEX YOUR hlHP 

OK, so the tip string is being sent to the output stream, but 
Documents-R-Us wants to convert HTML special characters into 
a format that is rendered properly in their tips. So we want to 
send in order for the user to see the actual < character in 
the browser, and “&gt;” to produce the > character. 


How would you accomplish this? 











scriptless JSPs 


Remember that my HTML form 
action goes straight to the 
JSP... is there a way I can use the 
request parameters just using EL? 



The EL implicit objects 

Remember, EL has some implicit objects. But these 
are not the same as the JSP implicit objects (except 
for one, pageGontext). Here’s a quick list; we’ll look 
at some of them in more detail on the next few pages. 
You’ll notice that all but one (pageGontext again), are 
simple Maps — name/value pairs. 


pageScope 

requestScope 

sessionScope 

applicationScope 




param 

paramValues 


Maps Jc -the \rc^ucs-t 
pamarhc-tcv-s. 


header 

headerValues 


Map J 从 c 


cookie … "this is a *toujK 。灼 e... 

dould i*b be a Map o*P … dookics? 

initParam A /Wap of 




pageContext 


yttev methods. 
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param and paramValues 


Request parameters m EL 

Piece of cake. The param implicit object is fine when you know you have only 
one parameter for that particular parameter name. Use paramValues when you 
might have more than one parameter value for a given parameter name. 


In the HTML form 


<f orm action=’’TestBean • j sp’’> 

Name : <input type= 〃 text 〃 name= 〃 name〃> 

ID#: 〈input type=’’text" name="empID"> 

First food : <input type= 〃 text 〃 name= 〃 food〃> 
Second food : <input type= 〃 text 〃 name= 〃 food〃> 




Ue W luld 


<input type= 〃 submit〃> 
</form> 


In the JSP 

Request param name is: $ {param.name } <br> 
Request param empID is: $ {param.empID} <br> 


Request param food is: $ {param.food} 


First food request param: $ {paramValues.food[0]} 
Second food request param: $ {paramValues.food[1]} 


口丄十… ds # 


ti ^ 


Request param name : $ {paramValues.name[0]} 


In the clients browser (client fills in 
the form and hits the submit button) 


http 


http://localhost:8080/testJSP1/TestBean.jsp 







Name: Huffy ID#: 

423 



First food: Sushi 




Second tood ： Macaroni ^ Cheese Submit 



The response 


http://localhost:8080/testJSP1/Tester.do 

Request param name is: Fluffy 
Request param empID is: 423 
Request param food is: Sushi 
First food request param: Sushi 
Second food request param: Macaroni & 
Cheese 

Request param name: Fluffy 


386 chapter 8 



























scriptless JSPs 


What if you wawt more mformatiow from the request? 


What if you want, say, the server host information that comes with the “host” header in 
the request? If you look in the HttpServletRequest API, you can see a getHeader(String) 
method. We know that if we pass “host” to the getHeader() method, we’ll get back 
something like: “localhost:8080” (because that’s where the web server is). 

Getting the “host” header 

We know we can do it with scripting 

Host is: <%= request. get Header (''host^) %> 


But with EL, we’ve got the header implicit object 



Host is: ${header [''host"] } 



lU headers 4 1 

dues) 




It v,ovks just ?avam 


Getting the HTTP request method 

Uh-oh. This is a little trickier", there’s a method in the 
HttpServletRequest API for getMethod(), that returns GET, POST, etc. 
But how do I get it using EL? 

We know we can do it with scripting 

Method is: <%= request.getMethod() %> 


But with EL ，this will NOT work 


Method is: ${request.method} 



And this will NOT work 


Method is: ${requestscope.method} 


KO' KOI KOI 



IS 

Wt A NOT 仏 c 


Can you figure out how to do it? 

Hint: look at the other implicit objects. 
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scope maps are NOT the real object 


The rgqugstScopg is NOT the request object 

The implicit requestScope is just a Map of the request scope attributes, 
not the request object itself! What you want (the HTTP method) is a 
property of the request object, not an attribute at request scope. In other 
words, you want something that comes from calling a getter method on 
the request object (if we treat the request object like a bean). 

But there is no request implicit object, only requestScope! What to do? 

You need something else... 


trough pageContex® ^ *° 90 



Use pageContext to get to everything else... 

Method is: ${pageContext.request.method} 


pageContext has a request property 
request has a method property 


Don ，t confuse the Map scope objects with the 
f ojects to which the attributes are bound. 

/rssoeasyfo^n/c^say, 

,etContext, since thaVswhere the scope Map for 

But just as with requestScope and Mao of attributes, and noth- 

application-scoped ^ sQ don ， t expect t0 get 

__ 脱 _ iCa _S C0P e_ 触 
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If EL looks through all the 
scopes anyway, why would 
I ever use one of the scope 
implicit objects? The only thing I 
can think of is a naming conflict, 
but I wonder if there might 
be another reason... 


Scope implicit objects can save you 

If all you need is to print the name of a person, and you really 
don’t care what scope the person is in (or, you do care, but you 
know there’s only one person out of all four scopes), you just 



use: 

$ {person.name} 

Or, if you’re worried about a potential naming conflict, you 
can be explicit about which person you want: 

$ {requestScope. person. name} 


But is there another reason you might have to preface the 
attribute with the implicit scope object? Other than to 
control. ..scoping? 

Think about this scenario: if you have a name that’s not 
in quotes in brackets [ ]，that means it MUST adhere to 
Java naming rules, right? Here, we’re OK, because person 
is a perfectly legal Java variable name. But that’s because 
somewhere, someone said, 


request. setAttribute (''person", p); 


But an attribute name is a String! 


〆 Co ^ ihe ^ 


sor^cwhcirc, wi-th 

Coh*tclihcir hevcv* 


u attmibuie 


Strings don’t follow Java variable name rules! 

That means someone could say: 

request. setAttribute (、'foo .person", p); 

And then you’d be in trouble, because THIS won’t work: 

${foo.person.name} 


Usi h g ihc 

^si£^ 0?c objc^-t gives 

=a way *to pd 

attlribu-tc j h ，七 cs : 


But you’ll be so thankful for scope objects, because using a 
scope object lets you switch to the [ ] operator, that can take 
String names that don’t conform to Java naming rules. 

${requestScope 「 foo.person"].name} 
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two more implicit objects 


&Gttmg Cookies and iwit params 

We’ve looked at all the implicit objects except cookies and init params, so here 
we are. And yes, any of the implicit objects can show up on the exam. 


Printing the value of the “userName” Cookie 


We know we can do it with scripting 

<% Cookie[] cookies = request.getCookies(); 

for (int i = 0; i < cookies.length; i++) { 

if ( (cookies [i] . getName () ) . equals (''userName”) 
out.println(cookies[i].getValue()); 


7 ~Kis is kmd of S pdm, 

ob\c^*t docs NOT 3 
(\c-tCook*»c^ook*»cNamc) mc^od! i/^c 
V^avc *to yt v/\iolc Cookie av-v-ay 
i*tcv*a*tc *t^v-ou^ rt oiaV-scUcs. 


%> 


But with EL, we’ve got the Cookie implicit object 


${cookie.userName.value} 


WAV easier. Just 51VC *i*t *tV^c name, a^d ，今 c 

tomes batk -Prom Map Cook.c ^mcs/valucs. 


Printing the value of a context init parameter 


We have to configure the parameter in the DD 


<context-param> 


Remember. -tViis IS View you 

\>av-amctcv-s. TV^csc 

ay . c KOT tVic same as servlet 


<param-name>mainEmail</param-name> 

<param-value>likewecare@wickedlysmart.com</param-value> 
</context-param> 


We know we can do it with scripting 

email is: <%= application • getlnitParameter ( 、 'mainEmail 〃） %> 


And with EL, it’s even easier 

email is: ${initParam.mainEmail} 


The EL initParam is NOT 
for params configured 
using <init-parain> ! 

He 「 e ， s whafs confusing: servlet init params are 

configured using <init-param> wh.le == pa = S , 
use < CO ntext-param> but the EL implicit initParam 

j S f or context params! Had they consulted us, we 
would have suggested that the s =: p e = 产 

consider naming this variable, oh, contextPamm … 

but once again, they forgot to ask us. 
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[EL is wonderful... but sometimes 
I need functionality, not just 
attribute or property values. If 
only there were a way to have an EL 
expression call a Java method that 
returns a value...then I would 广 
^ - - be happy. J 


% 



She doesn't know about EL fuwcjiows 

When you need a little extra help from, say, a Java method, 
but you don’t want scripting, you can use an EL function. It’s 
an easy way to write a simple EL expression that calls a static 
method in a plain old Java class that you write. Whatever the 
method returns is used in the expression. It does take a tiny 
bit more work to configure things, but functions give you a 
lot more.. .functionality. 
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functions in zL 


Imagine you wawt your JSPto roll dice 

You Ve decided it would be awesome to have a web-based dice-rolling 
service. That way, instead of hunting around behind desks and in the 
sofa cushions for real dice, a user could just go to your web page, click on 
the virtual dice, and voila! They roll! (Of course, you have no idea that a 
Google search will probably bring up, oh, about 4,420 sites that do this.) 

① Write a Java class with a public static method. 

This is just a plain old Java class. The method MUST be public and static, and it can 
have arguments. It should (but isn’t required to) have a non-void return type. After all, 
the whole point is to call this from a JSP and get something back that you can use as 
part of the expression or to print out. 

Put the class file in the /WEB-INF/classes directory structure (matching the appropriate 
package directory structure, just like you would with any other class). 

( 5 ) Write a Tag Library Descriptor (TLD) file. 

For an EL function, the TLD provides a mapping between the Java class that defines the 
function and the JSP that calls the function. That way, the function name and the actual 
method name can be different. You might be stuck with a class with a really stupid method 
name, for example, and maybe you want to provide a more obvious or intuitive name to 
page designers using EL. No problem—the TLD says, “This is the Java class, this is the 
method signature for the function (including return type) and this is the name well use in 
EL expressions”. In other words, the name used in EL doesn’t have to be the same as the 
actual method name, and the TLD is where you map that. 

Put the TLD file inside the /WEB-INF directory. Name it with a .tld extension. (There are 
other places the TLD can go; well talk about that in the next two chapters.) 


③ Put a taglib directive in your JSP. 

The taglib directive tells the Container, “I’m going to use this TLD, and in the JSP, when I want 
to use a function from this TLD, I'm going to prefix it with this name...” In other words, it lets 
you define the namespace. You can use functions from more than one TLD, and even if the 
functions have the same name, that’s OK. The taglib directive is kind of like giving all your 
functions fully-qualified names. You invoke the function by giving both the function name AND 
the TLD prefix. The prefix can be anything you like. 

④ Use EL to invoke the function. 

This is the easy part. You just call the function from an expression using ${prefix:name()}. 
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The function class, the TLD, and the JSP 


scriptless JSPs 


The -Puh^tioh method /WUST 
be public MO siaht. 


The class with the function 

package foo; 

PUblic ^ las s DiceRoller { | 

public static int roliDi ce /\ / 

return (int) ( '■ - { 

} J U^ath. random () * 6) 


1 ) 


The Tag Library Descriptor (TLD) file 

<?xml version= 〃 l•0 〃 encoding= 〃 ISO-8859-l 〃 ?> 

<taglib xmlns=’’http : //j ava . sun . com/xml/ns/ j 2ee" 
xmlns : xsi= 〃 http://www.w3.org/2001/XMLSchema-instance” 
xsi : schemaLocation=’’http : //j ava . sun . com/xml/ns/j 2ee/web- 
j sptaglibrary 2 0.xsd 〃 version= 〃 2.0〃> 


<tlib-version>l.2</tlib-version 〉 

<uri>DiceFunctions</uri> 
<function> 

<name >rollIt</ name > 
<function-class>foo.DiceRo: 
<function-signature> 
int roliDice() 
</function-signature> 
</function> 


Lction-class> 


</taglib> 




Po about all 

- > 

WH ta'k wOV，c TLt>S m 


TV 


_ 

t V,e TLP does KOT^e 

to be W _ oUk 

Vtkv^ Jo 

诎⑼ tUSP mvokes tV,e fcU 


•wide me use 

^l： e ( TLD 

D 〜上 t/ 二 r 


The JSP 

<%@ taglib prefix=^ine- 
<html><body> 

${mine ：rollIt()} 

</bociy></htrnl> 




uri : 


DiceFunctions 1 


%> 


,voWltO 60 ^ 

丁 ^ TU p,r,ot^ 

^ Java ^ 
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deploying with a function 


Peploymg an app with static functions 


The only thing that’s new here is the “myFunctions.tld” file. It has to be 
somewhere within WEB-INF or one of its subdirectories (unless it’s deployed in a 
JAR file, but we’ll talk about that later in the book). Here, because this app is so 
simple, we have both the DD (web.xml) and the TLD (myFunctions.tld) at the top 
level of WEB-INF, but you could organize them into subdirectories. 

The key point is that the class with the static function MUST be available to the 
app, so... for now, you know that putting it inside WEB-INF/classes will work. 
And remember that in the taglib directive in the JSP, we specified a URI that 
matches the URI declared in the TLD. For now, think of the URI as simply 

whatever you decided to name the TLD. It’s just a name. In the next 
chapter on using custom tags, we’ll go into all the details about TLDs and URIs. 


<%@ taglib prefix= 〃 mine 〃 uri= 〃 DiceFunctions〃％> 

This is Sy\ rwus*t 

<uvi> 'mside TLD. 






classes | 




Sam 


WEB-INF 


TestBean.jsp 


<functior^\ 


<?xml veq^N 
sion= 〃 l. 

rolllt 

</name> 

<function- 

class> 

£oo.DiceRoller 

</function- 


encoding 

="UTF- 8 "?> 

<!DOCTYPE 


尸 

Tk TLP myFunctions.tld 

dctlavcs i\\t 
dass, mctW 
and 仏出 0 於灼 〆. 


web.xml 


— u 


it ； 


0010 0001 
1100 1001 
0001 0011 
0101 0110 


The class widi^ie function 
i&te public static iqediod) 
must be available to ^ie web 
卿 just like servlet, bean, 
and listener classes. That 
iqeans sowvtee in AVEB - 
MVelasses … 

Puttie TLD file some^tee 
under and make 

sure ^ie taglib directive 
in ^ie JSP includes a uri 
attribute 也 at matches ^ie 
<uri> element in ^xe TLD. 
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DiceRoller.class 
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^iiereiqrejio 

Dumb Questions 


o ： 

A regular scriptlet expression MUST 
return something. If you say <%= foo. 
getFooO %>, getFooO must NOT have a void 
return type. (At least that’s what you said 
earlier.) So I’m thinking it’s the same with EL 
functions? 


A • 

XX # No! It’s NOT the same with EL functions, 
although just about everybody finds that... sur¬ 
prising.Think about this —— if you’re calling an 
EL function that doesn’t return anything, then 
you’re calling it just for its side effects! Given 
that part of the goal for EL is to reduce the 
amount of logic in a JSP (a JSP is supposed to 
be the VIEW!), invoking an EL function just for 
its side effects doesn’t sound like a good idea. 


o ： 

How did the Container find the TLD? 
The URI doesn’t match the path or file name 
of the TLD. Was this a miracle? 


A ! 

Just the question we were hoping 
someone would ask. Yes, you’re right — we nev¬ 
er did tell the Container exactly where to find 
the real TLD file. When the app is deployed, 
the Container searches through WEB-INF and 
its subdirectories (or in JAR files within WEB- 
INF/lib) looking for .tld files. When it finds one, 
it reads the URI and creates a map that says, 
"The TLD with this URI is actually this file at this 
location..."There's a little more to the story that 
we’ll cover in the next chapter. 




Can an EL function have arguments? 


A ! 

Definitely. Just remember in the TLD to 
specify the fully-qualified class name (unless 
it’s a primitive) for each argument. A function 
that takes a Map would be: 

<function-signature 〉 

int rollDice(java.util.Map) 

</function-signature 〉 

And call it with ${mine:rollDice(aMapAttribute)} 
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EL operators 


And a few other EL operators... 

You probably won’t (and shouldn’t) do calculations and logic from EL. Remember, 
aJSP is the View, and the View’s job is to render the response, not to make Big 
Important Decisions or do Big Processing. If you need real functionality, that’s 
normally the job of the Controller and Model. For lesser functionality, you’ve got 
custom tags (including the JSTL tags) and EL functions. 

But... for little things, sometimes a little arithmetic or a simple boolean test might 
come in handy. So, with that perspective, here’s a look at the most useful EL 
artithmetic, relational, and logical operators. 


Arithmetic (5) 

Addition: 

Subtraction: 

Multiplication: 

Division: 

Remainder: 



* 


I and div 
% and mod 


IKf IKITY ， av. _ 

But vou CAKKOT use 

a^a'mst a ^ 0 - 70 ^ll 


Logical (3) 

AND: 

OR: 

NOT: 


&& and and 
II and or 
! and not 


Relational (6) 


Equals: 

Not equals: 
Less than: 


==and eq 
!= and ne 
< and It 


Greater than: > and gt 

Less than or equal to: <= and le 
Greater than or equal to: >= and ge 


k! 


Don，t use EL reserved words 
as identifiers! 


Ynu can already see 11 of them on this page^the 

r 二 


true a boolean literal 

f a l se the OTHER boolean literal 

null It m 的 ns … null 

instanceof (this is reserved for “the Mure”) 
empty an operator to see if s , ome ^ /n ^f 


later in the chapter) 
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貧 ^^rpen your pencil 


Look at the servlet code, then figure out what prints next to each EL expression. 
You’ll have to guess in a few places, since we haven’t covered every possible rule. 
This exercise will help you figure out how EL behaves. Hint: EL is flexible and forgiv¬ 
ing. Another hint: the actual nine answers are printed at the bottom of this page up¬ 
side down, but they are NOT in any order. But if you really need help, at least you’ll 
have the nine answers, and you can use elimination to figure out where they all go. 


Given this servlet code: 

String num = 、 '2 〃； 

request • setAttribute (''num", num); 

Integer i = new 工 nteger(3); 
request • setAttribute (''integer” ， i); 

java.util.ArrayList list = new java.util.ArrayList(); 

list • add (''true ’’）； 

list. add (''false^); 

list.add(''2"); 

list.add(''10 〃）； 

request. setAttribute (''list” ， list); 


What prints for each of these? 

- ${num > 3} 

- ${integer le 12} 

- $ {request Scope [ ''integer^ ] ne 4 and 6 le num | | false} 

- $ {list [ 0 ] || list[''l’’] and true } 

- ${num > integer} 

- ${num — integer-1} 

<j sp : useBean class= 〃 foo•Dog” id= 〃 myDog 〃 > 

< j sp : setProperty name=’’myDog" property=’’name" value=’’$ {list [ 1 ] } 
</j sp:useBean> 

_ ${myDog.name and true} 


Assume Doj \>cBy\ 

dlass is available- 


${42 div 0} 


/> 
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貧 ^^rpen your pencil 


Given this servlet code: 

String num = 、 '2 〃； 

request. setAttribute (''num ^, num); 

Integer i = new 工 nteger(3); 
request • setAttribute (''integer” ， i); 

java.util.ArrayList list = new java.util.ArrayList(); 

list • add (''true ’’）； 

list. add (''false^); 

list.add(''2"); 

list.add(''10 〃）； 

request. setAttribute (''list” ， list); 


What prints for each of these? . 

2 - totr ^ ^ as 

二 :“ 一 " “ C 


-fah 

hr 


-fal 


sc 


*brue 


-false 


tv-uc 


${num > 3} 

${integer le 12} 

${ requestScope [''integer”] ne 4 and 


le num 


false} 


$ {list [ 0 ] || list[ 、 'l〃] and true 

${num > integer} 

${num == integer-1} 




0 A ^tuAtr^U 

vuAcs “ 知 

or. 


-false 


<j sp : useBean class= 〃 foo•Dog” id= 〃 myDog 〃 > 

<j sp : setProperty name= 〃 myDog 〃 property= 〃 name" 
</j sp:useBean> 

${myDog.name and true} 


${42 div 0} 


value=’’$ {list [ 1 ] }’’ / > 



t!:S;r £L 
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EL handles null values gracefully 

A key design decision the developers of EL came up with 
is to handle null values without throwing exceptions. 
Why? Because they figured “it’s better to show a partial, 
incomplete page than to show the user an error page.” 

Assume that there is not an attribute named “foo”，but 
there IS an attribute named “bar”，but that “bar” does 
not have a property or key named “foo”. 

EL What prints 


${foo} 

${foo[bar]} 
${bar[foo]} 
${foo.bar} 


No 七 fv'm-b ou*b ^ov 

ocpycss'io^s. Y ou S ^V 

value IS ： Vou II just see 

叮 k value 


${7 + foo} 
${7 / foo} 
${7 - foo} 
${7 % foo} 


7 

Infinity 

7 


ms, 


Exception is thrown 


${7 < foo} 

${7 == foo} 

${foo == foo} 
${7 != foo} 

${true and foo} 
${true or foo} 

${not foo} 


false 

false 

true 

true 

false 

true 

true 




EL is null-friendly. It 

handles unknown or null 
values so Aat Ae page still 


displays, even if it can't 
find an attribute/properfy/ 
ley with the mine in ike 


egression. 


In ari&metic, EL treats Ae 
null value as “zero”. 


In logical egressions, EL 
treats Ae null value as 
“false”. 
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JSP Expression Language (EL) review 


BULLET POINT 



■ EL expressions are always within curly braces, 
and prefixed with a dollar($) sign ${expression}. 

■ The first named variable in the expression is 
either an implicit object or an attribute in one of 
the four scopes (page, request, session, or ap¬ 
plication). 

■ The dot operator lets you access values by using 
a Map key or a bean property name, for example 
${foo.bar} gives you the value of bar, where bar 
is the name of Map key into the Map foo, or bar 
is the property of bean foo. Whatever comes to 
the right of the dot operator must follow normal 
Java naming rules for identifiers! (In other words, 
must start with a letter, underscore, or dollar 
sign, can include numbers after the first charac¬ 
ter, but nothing else, etc.) 

■ You can NEVER put anything to the right of the 
dot that wouldn’t be legal as a Java identifier. For 
example, you can’t say ${foo.1}_ 

■ The [] operator is more powerful than the dot, 
because it lets you access arrays and Lists, and 
you can put other expressions including named 
variables within the brackets, and you can nest 
them to any level you can stand. 

■ For example, if musicList is an ArrayList, you 
can access the first value in the list by saying 
${musicList[0]} OR ${musicList[“0”]}_ EL doesn’t 
care if you put quotes around the list index. 

■ If what’s inside the brackets is notin quotes, the 
Container evaluates it. If it is in quotes, and it’s 
not an index into an array or List, the Container 
sees it as the literal name of a property or key. 

■ All but one of the EL implicit objects are Maps. 
From the Map implicit objects you can get 
attributes from any of the four scopes, request 


parameter values, header values, cookie values, 
and context init parameters. The non-map im¬ 
plicit object is pageContext, which is a reference 
to... the PageContext object. 

■ Don’t confuse the implicit EL scope objects 
(Maps of the attributes) with the objects to which 
the attributes are bound. In other words, don’t 
confuse the requestScope implicit object with 
the actual JSP implicit request object. The 
only way to access the request object is by 
going through the pageContext implicit object. 
(Although some of what you might want from the 
request is already available through other EL 
implicit objects, including para m/pa ram Values, 
header/headerValues, and cookie.) 

■ EL functions allow you to call a public static 
method in a plain old Java class. The function 
name does not have to match the actual method 
name! For example, ${foo:rolllt()} does not mean 
that there must be a method named rolllt() in a 
class that has a function. 

■ The function name (e.g. rolllt()) is mapped to 
a real static method using a TLD (Tag Library 
Descriptor) file. Declare a function using the 
<function> element, including the <name> of 
the function (rolllt()), the fully-qualified <func- 
tion-class>, and the 〈 function-signature〉which 
includes the return type as well as the method 
name and argument list. 

■ To use a function in a JSP, you must declare the 
namespace using a taglib directive. Put a prefix 
attribute in the taglib directive to tell the Con¬ 
tainer the TLD in which the function you’re calling 
can be found. Example: 

<%@ taglib prefix="mine" 

uri= ^/WEB-INF/foo.tld^%> 
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layout templates 





1 ^ 


Reusable template pieces 

You have headers on every page on your web 
site. They’re always the same. You have the 
same footer on every page as well. How stupid 
would it be to code in the same header and 
footer tags into every JSP in your web app? 

If you’re thinking like a Java programmer 
(which of course you are), you know that 
doing that is about as un-OO as it gets. 

The thought of all that duplicate code 
probably makes you feel a little sick. What 
happens when the site designer makes, oh, a 
tiny little change to the header or footer? 

You have to propagate the change everywhere. 

Relax. There’s a mechanism for handling this in 
a JSP — it’s called include. You write your JSP 
in the usual way, except that instead of putting 
the reusable stuff explicitly into the JSP you’re 
authoring, you instead tell the Container to 
include the other file into the existing page, at 
the location you select. It’s kind of like saying: 


<html> <body> 


</-- insert the header file here --> 
Welcome to our site... 
blah blah blah more stuff here... 
</-- insert the footer file here --> 


</body></html> 


In this section we’ll look at two different include 
mechanisms: the include directive and the <jsp: 
include/> standard action. 
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The include directive 


The include directive tells the Container one thing: copy everything in the 
included file and paste it into this file, right here... 


Standard header file (“Header.jsp”) 

<htmlxbody> 




cm 


\Afe 


<img src=’’images/Web-Services • jpg" > <br> 

<em><strong>We know how to make SOAP suck less.</strongx/em> <br> 


</body></html> 


eoo ^ 

^ - . - ■ 

i- 1 

c 

+ 

0 http://localhost:8080/tests/Header.jsp 

" Or Google 



CQ J2SE 1.5 

in 3, Nutshell Colorado G...opers Horne Slashdot: Me...hat matters 

orlkuil - home java.net 

» 



We know how to make SOAP suck less. 


A JSP from the web app (“Contact.jsp”) 

<htmlxbody> 

<%@ include file=^Header. jsp A, %> 

<br> 

<em>We can help.</em> <br><br> 

Contact us at: ${initParam.mainEmail} 
</body></html> 




eoo 

■ ■ 


r -i 

e 

+ 0 http://localhost:8080/tests/Contact.jsp 

" Qj Google 



CO J2SE 1.5 

in a, Nutshell Colorado C....opers Home Slashdot: Ne...hat matters 

■orlkLil - home java.net 

» 



We know how to make SOAP suck less. 

We can help. 

Contact us at: likewecare@wickedlysmart.com 
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<jsp:include> standard action 


The <jsp:mclude> standard action 

The <jsp:include> standard action appears to do the same 
thing as the include directive. 


Standard header file (“Header.jsp ”） 

<htmlxbody> 丁 Wis 叫办七 

or, tVWV 

<img src=’’images/Web-Services • jpg" > <br> 

<em><strong>We know how to make SOAP suck less.</strongx/em> <br> 


</body></html> 


eoo 


' < | ^ | | C | | + | 0 http://localhost:8080/tests/Header.jsp 

"Qr Cocgle - 

QQ J2SE 1.5 in a Nutshell 

Colorado G...opers Home Slashdot: Me...hat matters orlkul 

— home java.net 》 



A JSP from the web app (“Contact.jsp”) 

<htmlxbody> 

<j sp : include page=^Header.jsp” /> < 

<br> 

<em>We can help.</em> <br><br> 

Contact us at: ${initParam.mainEmail} 
</body></html> 

0 o o 


" Or Google 


PP JZSE 1.5 in a Mutshel] Colorado G … ope rs Home Slashdot: Ne...hiat matters orlkut - home java,met 》 



We know how to make SOAP suck less. 

We can help. 


Contact us at: likewecare@wickedlysmart.com 




C 


0 http://localhost:8080/tests/Contact.jsp 





，， 
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ThcyVe NOT the same uwdGrwcath... 

The <jsp: in elude /> standard action and the include directive look the same, and 
often give the same result, but take a look at the generated servlets. We took this code 
directly out of the _jspService() method from Tomcat’s generated servlet code... 


Generated servlet code for the header file 


out.write(''\r<html>\r<body>\r<img src=\"images/Web-Services•jpg\^ > 

<br>\r<emXstrong>We know how to make SOAP suck less . </strongX/em> 


</body>\r</html>\r^) 




<br>\r\r 


Generated servlet for the JSP using the include directive 


out. write (''<html><body>\r"); 


old »s e/ACTLV 


丁 WlS m bold *«s — 

sawC as frate 


out.write(''\r<html>\r<body>\r<img src=\"images/Web-Services•jpg\^ > 

<br>\r<emXstrong>We know how to make SOAP suck less . </strongX/em> <br>\r\r 
</body>\r</html>\r ,, ); 


out. write (''\r<br>\r\r\r<em>We can help . </em> <br><br>\r\rContact us at: ; 

out.write((java.lang.String) org.apache.jasper.runtime.PageContextlmpl• 

proprietaryEvaluate (''$ { initParam. mainEmail} ’’，j ava . lang. String. class, 

(PageContext)_jspx_page_context, null, false)); 


out. write (''\r\r\r</body></html>"); 






Generated servlet for the JSP using the <jsp:include /> standard action 

out.write r<htmi><bod y >\r"); TKls IS 出以 The jsf file is NOT mside 七 k 

scwlct |^s*tcad, its some k*md tall... 

org.apache.jasper.runtime.JspRuntimeLibrary.include(request, response, 

''Header• jsp", out, false); 

out. write (''\r<br>\r\r\r<em>We can help . </em> <br><br>\r\rContact us at: 
out.write((java.lang.String) org.apache.jasper.runtime.PageContextlmpl• 

proprietaryEvaluate (''$ { initParam. mainEmail} ’’，j ava . lang. String. class, 

(PageContext)_j spx_page_context f null, false)); 


out. write (''\r\r\r</body></html>"); 
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include directive vs. standard action 


The include directive happens at trawslatiow time 
<jsp:mclude> happens at runtime 


With the include directive, there is NO difference between you opening your 
JSP page and pasting in the contents of “Header.jsp”. In other words, it really is 
just as though you duplicated the code from the header file into your other JSP. 
Except the Container does it at translation time for you, so that you don’t have 
to duplicate the code everywhere. You can write all your pages with an include 
directive, and the Container will go through the trouble of copying the header 
code into each JSP before translating and compiling the generated servlet. 


But <jsp:include> is a completely different story. Rather than copying in the 
source code from “Header.jsp”, the include standard action inserts the response 
of “Header.jsp”，at runtime. The key to <jsp:include> is that the Container is 
creating a RequestDispatcher from the page attribute and applying the include() 
method. The dispatched/included JSP executes against the same request and 


response objects, within the same thread. 


inserts the SOURCE of 
The i nclude ” d : t e :二 slation time. 

«Header.jsp , a standard action »n ser 

at 一 • 


o ： 

So why wouldn’t you always use 
<jsp:include>? That way you can guaran¬ 
tee you'll always have the latest content. 


A: 


Think about it. There’s an extra per¬ 


formance hit with every <jsp:include>. With 
the directive, on the other hand, the hit hap¬ 
pens only once — when the including page is 
translated. So if you're pretty sure that once 
you go to production the included file won’t 
change, the directive might be the way to 
go. Of course there’s still the tradeoff that 
the generated servlet class is a little larger 
when you use the directive. 


0： 

I tried this with Tomcat — I made a 
static HTML file, and included it with the 
directive. Then I changed the HTML file, 
without redeploying or anything, and the 
output from the JSP reflected the differ¬ 
ence! So if that’s the case, then why ever 
use <jsp:include >? 


A: 


Ahhh... you have a friendly Container 


(like Tomcat 5). Yes, most of the newer Con¬ 


tainers have a way of detecting when the 
included files have changed, and they do 
retranslate the including file and every¬ 
thing's great. The problem is that this is NOT 
GUARANTEED BY THE SPEC! So if you write 
your code to depend on it, your app won’t 
necessarily be portable to other Containers. 
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The include directive at first request 

With the include directive, the Container has a lot of work to do, but only on 
the first request. From the second request on, there’s no extra runtime overhead. 



The client makes a request for 
Contact.jsp, which has not been 
translated. The Container reads 
the Contact.jsp page to start the 
translation process. 


② 



Header.jsp 


The container sees the include 
directive, and combines the 
source code of Header.jsp and 
Contact.jsp, and creates/translates 
that into a Java source file for the 
generated servlet. 


— ~*—1 


public void 

j spServi^^a 
(HttpServletRe- 
quest request, 
HttpServletRe- 
sponse response) 
throws java. 



io.IOException, 5 


ServletEx- 



ception 
{out.write 





Compile into 


> 


101101 
101101 
101010000 
10 1010 1 
00 01010 
1 1010101 


Container 


Contact^jsp.jav/a 


Co ntact^jsp. class 



Contact.jsp 


<htmlxbody> t 3 
<img src=’’images/ 
Web-Services.jpg 


know how to make 
SOAP suck less〆. 
strongX/em> 
<brx/body> 
</html> 


Header.jsp 


The Container compiles the 
translated source file into a servlet 
class. It’s just like any other servlet 
at this point, and the previous step 
never has to happen again, unless 
Contact.jsp changes (or, if your 
Container is smart and can tell 
that the included Header.jsp has 
changed). 


④ 




<br></body> 

</html> 


Header.jsp 


To complete the request, the 
Container loads the newly- 
compiled class, initializes a servlet 
(instantiates the servlet then calls 
init() on the new object), allocates 
a thread for the request, and 
calls the JspService() method. 
From the second request on, the 
Container does only step (C): 
allocates a thread and calls the 
JspService() method. 
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<jsp:include /> standard action 


The <jsp:mclude> standard action at first request 

With the include standard action, there’s less work at translation time, and 
more work with each request, especially if the included file is a JSP. 



The client makes a request for Contact, 
jsp, which has not been translated. The 
Container reads the Contact.jsp page to 
start the translation process. 



Header, jsp 


The container sees the include standard 
action, and uses that to insert a method 
call in the generated servlet code 
that—at runtime—will dynamically 
combine the response from Header, 
jsp into the response from Contact, 
jsp. The Container generates servlets 
for both JSP files. (This is not dictated 
by the spec, so we’re showing only an 
example of how it could work.) 


③ 



The Container compiles the translated 
source file into a servlet class. It’s 
just like any other servlet at this point. 
The generated servlet class file is 
loaded into the Container’s JVM and is 
initialized. Next, the Container allocates 
a thread for the request and calls the 
JSP’s 」 spService() method. 


④ 


一 ~—1 

> 


<html><body> 

<img src= w images/ 
Web-Services.jpg 
> <br> 

<em><strong>We 
know how to make 



SOAP suck less〆 ， 
strong></em> 



</html> 



translate 


public void 

_j spServii^^^ 
(HttpServletRe- 
quest request. 

compile 

101101 O 
101101 

sponse response) 


101010000 

throws java, 
io.IOException, 

10 1010 1 

ServletEx- 
ception 
{out.write 


00 01010 


Header.jsp Header_Jsp.jav/a Header_jsp.class 



RequestDispatcher 


The Contact servlet hits the method 
that does the dynamic include, and 
something vendor-specific happens! 

All we care about is that the response 
generated by the Header servlet is 
combined with the response from the 
Contact servlet (at the appropriate 
place). (NOT SHOWN: at some point the 
Header.jsp is translated and compiled, 
then the generated servlet class is 
loaded and initialized.) 
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The attribute names are 
different for the include 
directive and <jsp：include > 

Memorize this! Look at the attributes for the two include 
mechanisms... what’s different? 

<%@ include file="Header.jsp 。> 


<jsp：include page="Header.jsp /> 

, at ing, the Container cares only about files—jsp to .jav , 

l n u d t p a ge= ， _ S p，，> standard action 广 

with all standard actions, is executedat ==二 ed 
when the Container cares about pages to be exe 


Can the included JSP have its own dynamic 
content? In your examples, the Header.ysp might as well 
have been a static Header.html page. 


A I 

It's a JSP, so yes it can be dynamic (but you're right- 
in our example we could have made the header a static 
HTML page and it would have worked in exactly the same 
way). There are a few limitations, though: an included page 
CANNOT change the response status code or set headers 
(which means it can’t call, say, addCookiesO). You won’t get 
an error if the included JSP tries to do things it can’t — you 
just won’t get what you asked for. 

o ： 

But if the included thing is dynamic, and you're 
using the static include directive, does that mean that the 
dynamic stuff is evaluated only once? 


A ! 

Let’s say you include a JSP that has an EL expression 
that calls the rolllt function that generates a random number. 
Remember, with the include directive, that EL expression 
is simply copied into the includING JSP. So each time that 
page is accessed, the EL expression runs and a new random 
number is generated. Burn this in: with the include directive, 
the source of the included thing becomes PART of the page 
with the include directive. 


The include directive is 

position-sensitive! 

= Y di _ ve whose Position in 

[ he JSP actua,, y _ters. With a page directive 
for exam Ple，you can put it anywhere in the ’ 

SdlreZfs 么::一 •一 

But the include directive tells the Container 
exa . ct ^ y WHE RE to insert the source from the 

hn h H f ，， e J F ° r example ， if y° u，re including 
botha hea der and a footer, it might look 
something like this: 


<html><body. 


> 


<%@ include file= ,, Header.htmr , %> <br> 
<em>We can help.</em> <br><br> 

Contact us at: ${initParam.mainEmail} <br> 
<%@ include file= ,, Footer.htmr , %> 

</bodyx/html> ^ 


f youm J S p , 

" : y cd ^ is 

ORDBR ‘ 勒 … 

yes, <jsp ： *m^ludc> is douv-sc 
f[LS0 posi*tio^-sci^si*tivc, bu 七 move 

obvious div-cdtivc- 
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HELLO! Did you actually 
LOOK at the generated 
servlet code for the include 
directive? You’ve got nested 
HTML and BODY tags! Thafs 
wrong and stupid. 



Uh-oh. She's right... 

Think about what we did. We made a page for the header, “Header. 
jsp”. It was a nice JSP all on its own, complete with its opening and 
closing HTML and BODY tags. Then we made the “Contact.jsp” 
and it, too, had nice opening and closing tags. Well, didn’t we say that 
everything in the included file is pasted (virtually) into the page with the 
include? That means everything. 


The code below, from the generated servlet, will NOT work in all 
browsers. It worked in ours because we got lucky. 


out. write (''<htmlXbody>\r"); 

out. write (''\ r<html>\r<body>\ r 

<img src=\’’images/Web-Services • jpg\" > 
<br>r<em><strong>We know how to make SOAP 
suck less . </strongx/em> <br>\r\r 

. ^</body>\r</html>\r"); 


out. write (''\r<br>\r\r\r<em>We can help . </em> 

<br><br>\r\rContact us at: ; 


out.write((java.lang.String) org.apache.jasper.runtime. 

PageContextlmpl • proprietaryEvaluate (''$ { ini t Par am • 
mainEmail }〃， java.lang.String.class, 

(PageContext)_jspx_page_context, null, false)); 


out. write ( 、 '\r\r\ r</bodyX/html>"); 


Do NOT pul -； r re usa»i^ i— 

BODY tags within y template chunks 

Design and 气：工 ) assuming they 

(like headers ， n” 上 。 ^ oTHE R P^e. 




(line ^ 

will be included 
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Don*t expect 
ME to strip out your 
redundant opening and 
closing tags. 



The way we SHOULP have done it 

Here we took the opening and closing tags out of the included files. This 
does mean that the included files can no longer generate valid HTML 
pages on their own; they now depend on being included in something 
bigger. Something with <html><body> and </body></html> tags. But 
that’s the point — you’re designing these reusable chunks so that you can 
compose complete layouts from smaller pieces, without duplicating the 
code by hand. These reusable chunks aren’t meant to live on their own. 


<img src=’’images/Web-Services • jpg" > <br> 

<em><strong>We know how to make SOAP suck less. </strongx/em> <br> 




0 o o 


4 ► ll^llc] 

- ■ • - J - - f 

+ http://localhost:8080/tests/Contact.jsp 

"Qr Coogle J 

QQ J2SE 1.5 in a 馳 shell 

Colorado C...opers Horne Slash'dot: Nc...hat matters orkul 

— home java.net 》 



We know how to make SOAP suck less. 

We can help^ 



Contact us at: likewecare@wickedlysmart.com 
home page 


No*bc ： *this idea 

ou*t 

oPChihCi dhd dlos*m(\ 
applies -fco dOTW 
ihdude mcdiiahisms— 
<jsp ： *mdludc> dhd 七 he 
•mdude div'Cd-tivc- 
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using <jsp:param /> 


Customizing the included cowtcwt with <jsp:param> 

OK, so you’ve got a header that’s supposed to appear the same way on every page. But 
what if you want to customize part of the header? What if you want, say, a context- 
sensitive subtitle that’s part of the header, but that changes depending on the page? 

You have a couple options. 

The dumb way: put the subtitle information into the main page, as, say, the first thing 
in your page after the include for the header. 

The smarter way: pass the subtitle information as a new request parameter to the 
included page! 

Why that^s cool: if the subtitle information is supposed to be part of the header, 
but it’s a part that changes, you still want the header part of the template to make the 
decision about how that subtitle should appear in the final page. In other words, let the 
person who designed the header decide how the subtitle should be rendered! 


JSP that does the include 

<htmlxbody> 






i\o 




s\asV>! 


<j sp : include page=^Header.jsp ; 

<jsp:param name=’’subTitle" value=’’We take the sting out of SOAP." /> 

</ j sp: include 〉 ^dudo l, n 

y- J 二， 


<br> 

<em>Web Services Support Group.</em> <br><br> 
Contact us at: ${initParam.mainEmail} 
</body></html> 


H r, ^ r 7,so 

^ ^ ^iud C d 


The included header that USES the new param (“Header.jspf”) 


<img src=’’images/Web-Services • jpg" > <br> 
<em><strong>$ {param. subTitle}</strongx/em> <br> 





Note* -this idea o( pa\rarws 
does 的七 r^akc sc^sc v/rth 

七 he mdlude diircd-tivc (whidh 

is 灼 。七 dyharwid), so rt applies 

OblLy -to ihc <jsp ： *m^|udc> 
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This got me thinking... if I can 
include one JSP in another, what 
if I wanted to forward from one JSP 
to another? If the client gets to my 
page and hasn’t logged in, I want to 
send him to a different page... 



The <jsp:forward> standard action 

You GAN forward from one JSP to another. Or from one 
JSP to a servlet. Or from one JSP to any other resource in 
your web app. 

Of course, you don’t usually want to do this in production, 
because if you’re using MVG, the View is supposed to be 
the View! And the View has no business doing control 
logic. In other words, it shouldn’t be the View’s job to 
figure out if the guy is logged in or not — someone else 
should have made that decision (the Controller), before 
deciding to forward to the View. 


But let’s suspend all that good MVG judgement for the 
time being, and see how we could do it, if we were to forward 
from a JSP page to something else. 

Why bother if you’ll never do it? Well, you might one day 
stumble on a problem where <jsp:forward> is a useful 
solution. More importantly, like a lot of what’s in the 
book (and the exam), the use of <jsp:forward> is outthere. 
Lurking in gazillions of JSPs that you might one day find 
yourself maintaining (or ideally refactoring). 
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using <jsp:forward /> 


A conditional forward... 


So imagine you’re a JSP and you assume you’re being called from a request 
that includes a user Name parameter. Since you’re counting on that parameter, 
you want to first check that the userJVame parameter isn’t null. If it’s not, no 
problem — finish the response. But if the userJVame parameter is null, you want 
to stop right here and turn the whole request over to something else — like a 
different JSP that will ask for the userJVame. 

For now, we know we can do it with scripting: 

JSP with a conditional forward (Hello.jsp) 

<htmlxbody> 


Welcome to our page! 


U ~ 、 Test W 从 c 代 — ? ava 以 




<% if (request. getParameter (''userName^) == null) { %> 


<j sp : forward page= A, HandleIt. j sp" /> 



JSP to which the request is forwarded (Handlelt.jsp) 


<htmlxbody> 

We're sorry... you need to log in again. 



<form action= 〃 Hello•jsp 〃 method= 〃 get〃> 

Name : <input name="userName" type="text"> 

<input name= 〃 Submit 〃 type= 〃 submit〃> 

</form> 


jus*t cm... ttcllo jsf. 


</body></html> 
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How it runs... 

The first time you request the Hello.jsp, the JSP does the 
conditional test, discovers there’s no value for userName, 
and forwards to the Handlelt.jsp. Assuming the user types a 
name into the name input field, the second request won’t do 
the forward, since the userName request parameter has a 
non-null value. 


First request for Hello.jsp 


0OO 




a 

c 

+ 


0 http://localhost:8080/tests/Hello.jsp 

CQ JZSE L5 eii a nutshell 

Colorado C...opers Home Slashdot: Ne . -上如 


We，re sorry...you need to log in again. 


Name: Johannes 


/ Submit 


Second request for Hello.jsp 


0OO 





e 

+ 


0 http://localhost:8080/tests/Hello.jsp 

DP J2SE L5 in a NutshelJ 

Colorado C...opers Home Slashdot: Me … hai 


Welcome to our page! 
Hello Johannes 


Wait a minute... what 
happened to the words 
''Welcome to our page !’’？ They’re 
in the Hello.jsp before the forward 
happens...so why don’t they show up 
on the first request? 


% 



How come the “Welcome to our page!” 
text didn^ print out the first time? 
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<jsp:forward /> standard action 


With <Jsp:forward>, the buffer is 
cleared PEFORE the forward 


When a forward happens, the resource to which the request is 
forwarded starts with a clear response buffer! In other words, 
anything written to the response before the forward happens 
is thrown out. 


^iierei£irejiP 

Dumb Questions 

This makes sense if the page is buffered... because what you 
write is sent to the buffer, and the Container just clears the buffer. 
But what if you commit the response BEFORE you do the forward? 
Like, what happens if you write something and then call flushO on 
the out object? 


NOTHING you write before 
丑 ie forward will ^pear if ^ie 
forward h^pens- 


A • 

OK, we know you’re just asking this out of intellectual curiosity 
since it would be a phenomenally stupid and pointless thing to do. But 
you know that. 


But you also know that weird things can still be on the exam, since 
your too-lazy-to-learn-it co-worker might just put something this crazy 
into his code, in which case you better get used to it. 

You can probably think through the answer, though. If you write some¬ 
thing like: 


<htmlxbody> 


Welcome to our page! 


<% out.flush() ; %> 

<% if (request. getParameter (''userName^) == null) { 

%> 

<j sp : forward page="HandleIt•jsp" / > <% } %> 

Hello ${param.userName} 

</body></html> 

The Container dutifully commits (sends) "Welcome to our page!”as the 
response and then the Container sees the forward. Uh-oh. Too late. 
And an INegalStateException happens. 

Except nobody will see the exception! The client just sees "Welcome to 
our page!” … and nothing else. The forward throws an exception but it’s 
too late for the Container to take back the response, so the client sees 
what was flushed, and that’s it. The forward doesn’t happen, the rest of 
the current page doesn’t happen. End of story for that page. So never 
do a flush-and-forward! 
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j I don't understand how we 
ended with a scriptlet. I was 
TOLD there would be no scripting 
in this chapter. If only there were a 
way to do a conditional test without 
having to go back to scripting... ^ 


°o 



She doesn't know about JSTL tags 

When you need more functionality, something beyond what you 
can get with the standard actions or EL, you don’t have to resort 
to scripting. In the next chapter, you’ll learn how to use the JSP 
Standard Tag Library 1.1 (JSTL 1.1) to do just about everything 
you’ll ever need, using a combination of tags and EL. Here’s a 
sneak peek of how to do our conditional forward without scripting. 


TWis 

test 


<%@ taglib prefix=’’c" uri =,, http : //j ava . sun . com/ j sp/j stl/core 
<htmlxbody> 

Welcome to our page 

<c : if test:’’$ {empty param. userName }" > 

< j sp: forward page=”HandleIt • jsp” /> 以 lVC 

</c : if> 


^ a 岬 ㈣ :辦 


Hello ${param.userName 
</body></html> 


fy the way... you fv-obably be able -fco v-uh 

iW,s ^ you do^-t have JSTL m youv- web 

3pp. I/Vc II do that \y\ the hext dhap-tev. 
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Peaw - related standard action review 


— BULLET POINTS _ 

_ The <jsp:useBean> standard action defines a variable that holds a reference to either an 
existing bean attribute or, if the bean doesn’t already exist, a new bean. 

■ The <jsp:useBean> MUST have an “id” attribute which declares the variable name that’ll be 
used in this JSPto refer to the bean. 

■ If you don’t include a “scope” attribute with <jsp:useBean>, the scope defaults to page scope. 

■ The “class” attribute is optional, and it declares the class type that will be used if a new bean 
is created. The type must be public, non-abstract, and have a public no-arg constructor. 

■ If you put a “type” attribute in <jsp:useBean>, it must be a type to which the bean can be 
cast. 

■ If you have a “type” attribute but do NOT have a “class” attribute, the bean must already 
exist, since you haven’t specified the class type that should be instantiated for the new bean. 

■ The <jsp:useBean> tag can have a body, and anything in the body runs ONLY if a new bean 
is created as a result of <jsp:useBean> (which means that no bean with that “id” was found in 
the specified (or default) scope). 

■ The main purpose of the body of <jsp:useBean> is to set the new bean’s properties, using 
<jsp:setProperty>. 

■ <jsp:setProperty> must have a name attribute (which will match the “id” from <jsp:useBean>), 
and a “property” attribute. The “property” attribute must be either an actual property name or 
the wildcard 

_ If you don’t include a “value” attribute, the Container will set the property value only if there’s 
a request parameter with a name that matches the property name. If you use the wildcard 
(*) for the “property” attribute, the Container will set the value of all properties that have a 
matching request parameter name. (Other properties won’t be affected.) 

■ If the request parameter name is different from the property name but you want to set the 
value of the property equal to the request parameter value, you can use the “param” attribute 
in the <jsp:setProperty> tag. 

■ The <jsp:setProperty> action uses introspect to match the ‘property’ to a JavaBean setter 
method. If the property is “* ”， then the JSP will iterate over all request parameters to set the 
JavaBean properties. 

_ Property values can be Strings or primitives, and the <jsp:setProperty> standard action will 
do the conversions automatically. 
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The include review 


BULLET POINT 



■ You can build a page with reusable components 
using one of two include mechanisms—the 
include directive or the <jsp:include> standard 
action. 

■ The include directive does the include at transla¬ 
tion time, only once. So the include directive 

is considered the appropriate mechanism for 
including content that isn’t likely to change after 
deployment. 

■ The include directive essentially copies everything 
from within the included file and pastes it into the 
page with the include. The Container combines all 
the included files and compiles just one file for the 
generated servlet. At runtime, the page with the 
include runs exactly as though you had typed all 
the source into one file yourself. 

■ The <jsp:include> standard action includes the 
response of the included page into the original 
page at runtime. So the include standard action 
is considered appropriate for including content 
that may be updated after deployment, while the 
include directive is not. 

■ Either mechanism can include dynamic elements 
(JSP code with EL expressions, for example) as 
well as static HTML pages. 

■ The include directive is the only position-sensitive 
directive; the included content is inserted into the 
page at the exact location of the directive. 

■ The attributes for the include directive and 
the include standard action are inconsistently 
named—the directive uses “file” as the attribute 
while the standard action uses a “page” attribute. 

■ In your reusable components, be sure to strip 
out the opening and closing tags. Otherwise, the 
generated output will have nested opening and 


closing tags, which not all browsers can handle. 
Design and construct your reusable pieces know¬ 
ing that they’ll be included/inserted into something 
else. 

■ You can customize an included file by setting (or 
replacing) a request parameter using the 
<jsp:param > standard action inside the body of a 
<jsp:include>. 

■ We didn’t show it in this chapter, but the 
<jsp:param> can be used inside the body of a 
<jsp:forward> tag as well. 

■ The ONLY places where a <jsp:param> makes 
sense are within a <jsp:include> ora 
<jsp:forward> standard action. 

■ If the param name used in <jsp:param> already 
has a value as a request parameter, the new 
value will overwrite the previous one. Otherwise, a 
new request parameter is added to the request. 

■ The included resource has some limitations: it 
cannot change the response status code or set 
headers. 

■ The <jsp:forward> standard action forwards the 
request (just like using a RequestDispatcher) to 
another resource from the same web app. 

■ When a forward happens, the response buffer is 
cleared first! The resource to which the request 
was forwarded gets to start with a clean output. 

So anything written to the response before the 
forward will be thrown away. 

■ If you commit the response before the forward 
(by calling out.flush(), for example), the client will 
be sent whatever was flushed, but that’s it. The 
forward won’t happen, and the rest of the original 
page won’t be processed. 
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exercise answers 


BE ike Container 
娜爾 s 



Look at this standard action: 




Mote- tW^s V^as a ^ 
but y^° 


5 i \ de a ， 

e 斗工 . 

• (W H 

dc^avcd *^ c ^ 


< j sp : useBean id="person’’ type=’’foo . Employee’’ scope=’’request’’ > 

<j sp:setProperty name="person 〃 property= 〃 name" value="Fred 〃 / 
</j sp : useBean > 

Name is: < j sp : getProperty name=’’person’’ property=’’name’’ /> 

① What happens if the servlet code looks like: 


abs*brad 七 


foo.Person p = new foo.Employee(); 
p. setName (''Evan"); 

request. setAttribute (''person", p); 

FAILS a 七 \rcqucst -time! nc >cv-so ^ ； aUvibutc is st>vcd at v-c^cst 
sco^ so <\sp ： uscBca^ > *ta5 >/ovk spc^.+.cs or^ly a 

七 vi Tk CoXm^ mm \( you or,ly a 

妞 eve MUST be ocistm^ bcar^ aUvibutc o\ that By\A sto^ 



(2) What happens if the servlet code looks like: 

foo.Person p = new foo.Person(); 
p. setName (''Evan"); 

request. setAttribute (''person", p ); 

心七山 liUI “一 

2 p ^ Coh-bmcir , rts mo\rc like U Bc the C(?/V 1 P|LE/? W 

b— “ •• ■祕 IXz! . 


Both classes a\rc *m 

七 he U. 
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c 办尹尹在它 


Sxam QAaptet 玄 


Given an HTML form that uses checkboxes to allow a user to select 
multiple values for a parameter called hobbies. 


Which EL expressions evaluate to the first value of the hobbies 
parameter? (Choose all that apply.) 

Q A. ${param.hobbies} 

Q B. ${paramValue.hobbies} 

Q C. ${paramValues.hobbies[0]} 

□ D. ${paramValues.hobbies[1]} 

口 E. ${paramValues[hobbies][0]} 

Q F. $ {paramValues [hobbies] [1] } 



Given that a web application stores the webmaster email address in the 
servlet context initialization parameter called master-email. 


Which retrieves that value? (Choose all that apply.) 


□ 

A. 

<a 

□ 

B. 

<a 

□ 

G. 

<a 

□ 

D. 

<a 


href= f mailto : ${ ini t Par am. mas ter-email } r > 
email me</a> 

hrefmailto : ${contextParam.master-email }'> 
email me</a> 

href =, mail to : $ {initParam [ 'master-email ' ] }'> 
email me</a> 

hrefmailto : ${contextParam['master-email']} f > 
email me</a> 
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Given the following Java class: 

package com•mycompany; 
public class My Functions { 

public static String hello(String name) { 
return ''Hello ''+name; 

5. } 

6 . } 

This class represents the handler for a function that is part of a tag library. 

<%@ taglib uri="http://mycompany • com. tags" prefix= " comp r, %> 

Which Tag Library Descriptor entry defines this custom function so that it can 
be used in an EL expression? 

口 A. <taglib> 

參參參 

<tag> 

<name>Hello</name> 

<tag-class>com.mycompany.MyFunctions</tag-class> 

<body-content>JSP</body-content 〉 

</tag> 

</taglib> 

口 B. <taglib> 

<function> 

<name>Hello</name> 

<function-class>com.mycompany.MyFunctions</function-class> 
<function-signature>java.lang.String hello(java•lang.String) 

</function-signature 〉 

</function> 

</taglib> 

口 G. <web-app> 

<servlet> 

<servlet-name>hello</servlet-name> 

<servlet-class>com.mycompany.MyFunctions</servlet-class> 
</servlet> 

</web-app> 

Q D. <taglib> 

• • • 

<function> 

<name>Hello</name> 

<function-class>com.mycompany.MyFunctions</function-class> 

<function-signature>hello(java•lang.String)</function-signature> 
</function> 

</taglib> 


1 

2 

3 

4 
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Given: 

1. package com.example; 

2. public class TheBean { 

3. private int value; 

4. public TheBean() { value =42; } 

5. public int getValue() { return value; } 

6. public void setValue(int v) { value = v; } 

7. } 

Assuming no instances of TheBean have been created yet, which JSP 

standard action statements create a new instance of this bean and 

store it in the request scope? (Choose all that apply.) 

Q A. <j sp : useBean name="myBean" 

type="com•example.TheBean" /> 

Q B. <j sp : makeBean name="myBean" 

type="com•example.TheBean" /> 

Q G. <j sp : useBean id="myBean" 

class=〃com • example . TheBean 
scope=”request” /> 

Q D. <j sp : makeBean id= 〃 myBean 〃 

class=〃com • example . TheBean 
scope="request" /> 


Given a Model 1 architecture in which a JSP page handles all of the controller 
functions, that JSP controller needs to dispatch the request to another JSP page. 

Which standard action code will perform this dispatch? 

Q A. < j sp : forward page="view•jsp" /> 

口 B. < j sp : forward file= A, view. j sp A, /> 

Q G. < j sp : dispatch page= A, view. j sp A, /> 

Q D. < j sp : dispatch file="view • j sp" /> 
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Given: 

11. <% 

java.util.List list = 

new j ava. util. ArrayList (); 

12. 

list. add (''a A, ); 


13. 

list. add (''2 A, ); 


14. 

list • add ( 、 'c ”）； 


15. 

request. setAttribute (' 

'list : 〃， list); 

16. 

request. setAttribute (' 

'listldx", 、 'l"); 

17. %> 





18. <%-- insert code here --%> 

Which, inserted at line 18, are valid and evaluate to c ? (Choose all that apply.) 

□A. ${list.2} 

□ B. ${list[2]} 

Q C. ${ list.listldx+l } 

□ D. ${list[listldx+l]} 

口 E. ${list['listIdx A + 1]} 

□ F. ${list[list[listldx] ]} 


^ Which statements about the . (dot) and [] EL operators are true? 
/ (Choose all that apply.) 

Q A. ${ foo. bar } is equivalent to $ { foo [bar] } 

Q B. ${ foo.bar } is equivalent to ${ foo [ ''bar" ] } 

O G. ${foo[' 、 5"]} is valid syntax if foo is a Map 

Q D. $ { header. User-Agent } is equivalent to 
${header[User-Agent]} 

□ E . $ { header. User-Agent} is equivalent to 

$ {header [ ''User-Agent" ] } 

□ F. $ { foo [5] } is valid syntax if foo is a List or an array 
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Given a JSP page with the line: 

${101 % 10 } 

What will be displayed? 

□ A. 1 

□ B. 10 

□ G. 1001 

□ D. 101 % 10 

□ E. {101 % 10} 


Given: 

10 . $ {par am. firs tname} 

11. ${param.middlename} 

12. ${param.las tname} 

13. ${paramValues.lastname[0]} 

Which describes the output produced by this portion of a JSP page when passed the 
query string ?firstname=John&lastname=Doe? 

□A. John Doe 

Q B. John Doe Doe 

Q G. John null Doe 

Q D. John null Doe Doe 

□ E. A null pointer exception will be thrown. 


Which show valid usage of EL implicit variables? (Choose all that apply.) 

Q A. $ {cookies•foo} 

口 B. ${initParam.foo} 

□ C. ${pageContext.foo} 

Q D. $ {requestscope•foo} 

口 E. ${header [''User-Agent"] } 

□ F. $ {requestDispatcher. foo} 

Q G. ${pageContext.request.requestURI} 
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11 


Which are true about the < j sp : useBean> standard action? 
(Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


The id attribute is optional. 

The scope attribute is required. 

The scope attribute is optional and defaults to request. 

Either the class or type attributes may be specified, 
but at least one. 

It is valid to include both the class attribute and the type 
attribute, even if their values are NOT the same. 


12 


How would you include dynamic content in a JSP, similar to a 
server-side include (SSI)? (Choose all that apply.) 

Q A. <%@ include file="/segments/footer • j spf" %> 

Q B. < j sp : forward page=’’/segments/f ooter • j spf ” /> 

Q G. < j sp : include page="/segments/f ooter • j spf’’ /> 

□ D. RequestDispatcher dispatcher 

=request • getRequestDispatcher (''/segments/footer • jspf"); 
dispatcher.include(request,response); 


13 


In an HTML page with a rich, graphical layout, which JSP standard action can 
be used to import an image file into the JSP page? 

Q A. < j sp:image page="logo.png" /> 

口 B. < j sp : image file="logo • png" /> 

Q G. <j sp : include page="logo•png" /> 

□ D. < j sp : include file="logo . png” /> 

Q E. This CANNOT be done using a JSP standard action. 
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Given: 

1. package com.example; 

2. public class My Functions { 

3. public static String repeat(int x. String str) { 

4 . // method body 

5. } 

6 . } 

and given the JSP: 

1. <%@ taglib uri= /WEB- INF/myfunctsprefix="my" %> 

2. <%-- insert code here — 一 ％ > 


Which, inserted at line 2 in the JSP, is a valid EL function invocation? 

□ A. ${ repeat (2, 、 '420") } 

□ B. $ {repeat (''2", 、 '420") } 

口 G. $ {my : repeat (2, 、 '420") } 

□ D. $ {my: repeat (''2", 、 '420") } 

□ E. A valid invocation CANNOT be determined. 


15 


Given: 

10. public class MyBean { 

11. private java.util.Map params; 

12 . private java.util.List objects; 

13. private String name; 

14 . public j ava.util.Map getParams() { return params; } 

15. public String getName() { return name; } 

16. public java.util.List getObjects() { return objects; } 

17. } 


Which will cause errors (assume that an attribute named mybean can be found, and 
is of type My Be an)? (Choose all that apply.) 

Q A. ${mybean.name} 

□ B. $ {mybean [ ''name" ] } 

Q G. ${mybean.objects.a} 

Q D. ${ mybean [''params"] .a} 

□ E. $ {mybean. params [ 、 'a" ] } 

Q F. ${ mybean [''objects"] .a} 


you are here ► 427 





mock exams 


16 


Given a JSP page: 

1. The user has sufficiently logged in or out: 

2 . ${param.loggedln or param.loggedOut}. 

If the request includes the query string “ loggedOut:true 〃 ， what will be this 
statement’s displayed value? 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


The user has sufficiently logged 


The user has sufficiently logged in 

The user has sufficiently logged in 
loggedln or param.loggedOut}. 


The user has sufficiently logged in 
loggedln or param.loggedOut. 


The user has sufficiently logged in 


in or out : false. 
or out: true. 
or out: ${param. 

or out: param. 


or out: or true. 


Which about EL access operators are true? (Choose all that apply.) 

Q A. Anywhere the . (dot) operator is used, the [ ] could be used 
instead. 

Q B. Anywhere the [] operator is used, the. (dot)could be used 
instead. 

Q G. If the . (dot) operator is used to access a bean property but the 
property doesn’t exist, then a runtime exception is thrown. 

□ D. There are some situations where the . (dot)operator must be 

used and other situations where the [ ] operator must be used. 


The following code fragment appears in a JSP page: 

]q <j sp : include page= 〃 /jspf/header•html〃/> 

The JSP page is part of a web application with the context root myapp. 


Given that the application’s top level directory is myapp, what is the path to the 

header. html file? 

□A. /header.html 
口 B. / j spf/header.html 
Q G. /myapp/j spf/header.html 
□ D. /includes/j spf/header.html 
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An online jewelry retailer wishes to customize their online catalog for users who 
are logged in. They want to show specials for the user's birthstone month. The 
company’s special offers are stored as a Map<String t Special [ ] > identified as 
specials in application scope and updated daily. 

There is a bean stored as a session-scoped attribute named userlnfo. Galling 
getBirthdate () . getMonth () on this bean will return the user's birthstone 
month. 


Which of the following code snippets could correctly retrieve the appropriate special 
offerings? 

Q A. ${applicationScope[userlnfo.birthdate.month.specials]} 

Q B. ${applicationScope.specials[userlnfo.birthdate.month]} 

Q G. ${applicationScope["specials"].userlnfo.birthdate.month} 
Q D. ${applicationScope["userlnfo.birthdate.month"].specials} 


20 


A web based application for a major online movie rental retailer stores a 
List<Movie> as a session attribute to contain movies the user has requested. 
A random, embedded movie trailer from this list must display on the users’ 
main page every time the users’ main page is viewed. 


Management thinks a similar feature will be needed in the near future on 
other pages that display lists of movies. Streaming video is accomplished with 
regular HTML, just like adding images to a page but with more complex tags. 

The development team needs a solution that is both flexible and maintainable. 
One possible solution is to create an EL function. The following statements 
are from a team meeting concerning EL functions as a solution to this 
problem. Which statements are true? (Choose all that apply.) 

Q A. EL functions can not solve this problem because they can not retrieve 
session attributes. 

Q B. The method implementing the EL function should not be declared 
static to give it access to session scope. 

Q G. The EL function can accept a parameter of java. util. List 
which will allow the needed movie list to be passed to it using EL. 

Q D. You might have to write HTML tags in the middle of Java code using 
an EL function, which is more difficult to maintain. 
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息 找 

玄； 4a^en^ 

Given an HTML form that uses checkboxes to allow a user to select (JSP vZ.O 

multiple values for a parameter called hobbies. 


Which EL expressions evaluate to the first value of the hobbies 
arameter? (Choose all that apply.) 


par 


A. 

□ B. 
^ G. 

□ D. 

□ E. 

□ F. 


${param.hobbies} 

${paramValue.hobbies} 

${paramValues.hobbies[0]} 

${paramValues.hobbies[1]} 

${paramValues[hobbies][0]} 
${paramValues[hobbies][1]} 


Option 3 *»s *m6o\r\rCt-t because 

, *^avam\/aluc ， vahablc. 


is y\o 


—^ is iir\£.oV"VC£-*t ； 3 vv 3 Y^ 
av-c 0 mde^edi- 

-^piiohs E F have 

sy h -ta x . 



Given that a web application stores the webmaster email address in the 
servlet context initialization parameter called master-email. 


(JSP vZ O sedt'to^s 

扣 di U 今） 


Which retrieves that value? (Choose all that apply.) 

□A. <a href= f mailto:${initParam.master-email }'> 

email me</a> 


A *»s -to 


□ B. 

aTc. 


<a href= A mailto : ${contextParam.master-email } r > 
email me</a> 

<a href =, mail to : $ {initParam [ 'master-email ' ] } f > 
email me</a> 


-Option B, *thc\rc is y\o 
do^*tc , )<.*bP3V - am imp|idi*t Vdviablc 


□ D. 


<a href= A mailto : ${contextParam['master-email f ]} 
email me</a> 


> -Option V, ihcrc is i^o 

doh*tc>^*tPav-am iw\p|idi*t vd\ridble 
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Given the following Java class: (JSP v2- 0 

1. package com.mycompany; 

2. public class My Functions { 

3. public static String hello(String name) { 

4 . return ''Hello ''+name; 

5. } 

6 . } 

This class represents the handler for a function that is part of a tag library. 

<%@ taglib uri=^http : //mycompany. com. tagsprefix= " comp r, %> 

Which Tag Library Descriptor entry defines this custom function so that it can 
be used in an EL expression? 

□ A. <taglib> 


5^ B. 


□ G. 


<tag> 

<name>Hello</name> 

<tag-class>com.mycompany.MyFunctions</tag-class> 

<body-content>JSP</body-content> 

</tag> 

</taglib> 

<taglib> 

B uses the dov-v-edt 

<name>Hello</name> 

<function-class>com.mycompany•MyFunctions</function-class> 
<function-signature>java.lang.String hello(java•lang.String) 
</function-signature 〉 

</function> 

</taglib> 

<web-app> 


<function> 






<servlet> 

<servlet-name>hello</servlet-name> 

<servlet-class>com.mycompany.MyFunctions</servlet-class> 
</servlet> 

</web-app> 

□ D. <taglib> 

• • • 

<function> 

<name>Hello</name> 

<function-class>com.mycompany.MyFunctions</function-class> 

<function-signature>hello(j ava.lang.String)</function-signature> 
</function> 

</taglib> 


-Option P because 
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Given: 

1. package com.example; 

2. public class TheBean { 

3. private int value; 

4. public TheBean() { value =42; } 

5. public int getValue() { return value; } 

6. public void setValue(int v) { value = v; 


(JSP sc 




Assuming no instances of TheBean have been created yet, which JSP 
standard action statements create a new instance of this bean and 


store it in the request scope? (Choose all that apply.) 

Q A. <j sp : useBean name="myBean" 

type="com•example.TheBean" /> 


□ B. 
^ G. 


<j sp : makeBean name="myBean" 

type="com•example.TheBean" /> 

< j sp : useBean id=’'myBean" 

class=〃com • example . TheBean 
scope="request" /> 


-OpW A is invalid because the type aibr^it is 
NOT used -to ertait a ^ a^d the 

attribute must be s^M\td U defaults to 阿入 

-Optioh B is ihvalid -Po\r all 0-f iKc above v-casohs 
plus jsp：makcBcah is hlOT a \rcal -taj. 


□ D. < j sp : makeBean id="myBean" 

class= 〃 com•example.TheBean 〃 
scope=”request" /> 


-Option P is mvalid bedause 

is MOT a v-cal iaj. 



/ )rp v i.O s 仏 W 弓 .* 5 ) 

Given a Model 1 architecture in which a JSP page handles all of the controller 
functions, that JSP controller needs to dispatch the request to another JSP page. 


Which standard action code will perform this dispatch? 

5^ A. < j sp : forward page="view. jsp" /> A ,s tovv-cd-t I - IlOX 

D B. <jsp : forward file="view. jsp" /> -Option 3 is mvalid because -the 

□ C. < j sp : dispatch page="view.jsp" /> 翁 ward a 七 ioh has _ 伽 € attr —。 

□ D. <jsp: dispatch file=-view.jsp- / >-Optics C a^d D i,valid b^us, 

仏的 is ⑽ dis^Uh a^io,. 
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(JSP v2-0 sc6t»oir\ 2-3.^) 

Given: 


11. <% java.util.List list = new java.util .ArrayList (); 
12 . list. add (''a A, ); 

13. list .add (''2"); 

14 . list • add ( 、 'c ”）； 

15 . request • setAttribute (''list", list); 

16. request. setAttribute (''listldx", 、 'l ”）； 

17. %> 

18. <%-- insert code here --%> 


Which, inserted at line 18, are valid and evaluate to c ? (Choose all that apply.) 

□ A. ${list.2} ^ , A … ， 

r-jt -Options d^a C "mdovvedt 

« B. $ {list [2] } because do*b opc\ra*to\r davmo 七 

□ G. ${list.listldx+l} be used with a primitive. 

^ D. ${list[listldx+l]} 

□ E. ${list[ 'listldx' + 1] } -Option E is mdovvedt bcdausc EL 

ft/ *tv"ics xo Cot^rtt lis*t|d 乂 *fco a Lo^a 

^ E $ {list [list [listldx] ] } is iywa | id . 


Which statements about the . (dot) and [] EL operators are true? 

(Choose all that apply.) , 

□ A. $ {f oo • bar } is equivalent to ${foo[bar]} 一 1 

1^ B. $ {foo. bar } is equivalent to $ {foo [ ''bar" ] } 






^ G. 

□ D. 

□ E. 
^ F. 


$ { foo [ '、 5 " ] } is valid syntax if foo is a Map 

$ {header. User-Agent} is equivalent to 
${header[User-Agent]} 

$ {header. User-Agent} is equivalent to 
$ {header [ ''User - Agent" ] } 

$ { foo [5] } is valid syntax if foo is a List or 


-Options V a^d E av-c mdov-v-cd-t because 

o( -the dash *m Usc\r- 0r\^ 
hcadc\rC w Usc\r-A5c^3 will wo\rk. 


an array 
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Given a JSP page with the line: 

${101 % 10} 


What will be displayed? 

^ A. 1 

□ B. 10 

□ G. 1001 

□ D. 101 % 10 

□ E. {101 % 10} 


-Option A dov-v-cdt The modulus 
opcva*bov- v-c*tu\r^s the vemamdev* o-r a 
division ofcv-atio^. 


(JSP vZ,0 w 口 ) 



Given: 

10 . $ {par am. firs tname} 

11. $ {param. middlename} 

12. ${param.las tname} 

13. ${paramValues.lastname[0]} 


(JSP vZ.0 益 I - H 

a 灼 d I -下 


Which describes the output produced by this portion of a JSP page when passed the 
query string ?firstname=John&lastname=Doe? 

^ A. John Doe 一巧 tmval.d because Imc IJ 

0^ B. John Doe Doe *tV>c user s last as v/ell. 

Q G. John null Doe 


□ D. John null Doe Doe -0p*tiohs C 3hd D a\rc "mvalid bedduse I'rne II 

□ E. A null pointer exception will h °^ ，h 9 thah U hul| w . 



Which show valid usage of EL implicit variables? (Choose all that apply.) 

Q A. $ { cookies. foo} -Option A is '^CoYYtci bemuse 

13 B. $ { initParam. foo } the variable is Cookie • 



${pageContext.foo} 

${requestScope.foo} 

$ {header [ ''User-Agent" ] } 


-Option C is mdov-v-edt because 

is NOT a Map 

i 七 doesn't have a w W fv-ofev-ty. 


(JSP vZ.0 w I -⑷ 


□ F. 
^ G. 


${requestDispatcher. foo} -Option F is \Uo^cti bemuse 

$ {pageContext. request. requestURI} 七 his is NOT implidi*t objcd*t- 
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11 


12 


^ : : (JSP vZ.0 pgs. \AOl 

Which are true about the < j sp : useBean> standard action? 扣 j 門 l-IO 十） 

(Choose all that apply.) t 咖 /U \UoYYtti 

Q A. The id attribute is optional. because id is vc^uiv-cd- 

口 B. The scope attribute is required. —Options B dr\d C are mdovredt 

G. The scope attribute is optional and defaults to request, bcdausc^sdopc js oftio^al 3^d 

Oil D. Either the class or type attributes may be specified, 
but at least one. 




E. It is valid to include both the class attribute and the type 
attribute, even if their values are NOT the same. 


-(JSP 试出 w ^ 


—/\ is nr\£>oV"\rc£-*t bc£-3usc 
uses mdludc div-edtive, v/hidh is 


How would you include dynamic content in a JSP, similar to a 
server-side include (SSI)? (Choose all that apply.) 

Q A. <%@ include file="/segments/footer • j spf" %> . 

□ B. < j sp : forward page="/segments/footer.jspf" /> 

^ G. <j sp : include page="/segments/footer•jspf" /> 

Q D. RequestDispatcher dispatcher 

=request. getReques tDi spa tcher (''/segments/footer. jspf A, ); 
dispatcher.include(request,response); 


P would be do\r\rCd*t i-f i*t was a sd\rif*tlct i*t -fu^dtio^ally 
■the sa^e ihmg as option C ； bu*t its syrrta 乂 is o^ly used by scv-vlr 


docs 


(JSP v2-.0 sc 

In an HTML page with a rich, graphical layout, which JSP standard action can 
be used to import an image file into the JSP page? 

□ A. <jsp: image page= ,A logo . png" 〆> 一广七、 0 ⑽ A av ^ 


出 on 弓 . 今 ) 


Q B. < j sp : image file="logo • png" /> 


^ 0 ^ C »s mval\a, betause 

mdludc a6t»o\r> is femavv data 

/> g 

一 〜 W P is mvalid because Ihc \uWAt 
a6t»o^ docs y>ol lake a (\\t aUr.butc- 


Q G. <j sp : include page= 〃 logo. 


png 


□ D. < j sp : include file="logo • png” /> 


d 


E. This CANNOT be done using a JSP standard action. 


This is d *bridky <^ucstioh because i^t is 
NOT possible to imfoirt *thc dovrteirrts of 

bmavy -Pile m*to a JSP pay, v/hidh 
HTML response. 
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Given: 

1. package com.example; 

2. public class MyFunctions { 

3 . public static String repeat(int 

4 . // method body 

5. } 

6 . } 


(JSP v2-.0 sc6*t*ioir\ 2-^>) 


String str) { 


and given the JSP: 

1. <%@ taglib uri= A, / WEB -INF/myfunctsprefix="my" %> 

2. <%-- insert code here 一 一 %> 


Which, inserted at line 2 in the JSP, is a valid EL function invocation? 

□ A. ${repeat (2, 、 '420") } 

□ B. $ {repeat (''2", 、 '420") } 

口 G. ${my: repeat (2, 、 '420”）} 

□ D. $ {my: repeat (''2", 、 '420") } t 

E. A valid invocation CANNOT be determined. rrsi TSVm 

Vy\O^I^ 


15 G iven : (XP vZ.O 巧 

10. public class MyBean { 

11. private java.util.Map params; 

12 . private java.util.List objects; 

13. private String name; 

14 . public j ava.util. Map getParams() { return params; } 

15. public String getName() { return name; } 

16. public java.util.List getObjects() { return objects; } 

17. } 


Which will cause errors (assume that an attribute named mybean can be found, and 
is of type My Be an)? (Choose all that apply.) 

口 A. ${mybean.name} 


□ B. 
G. 

□ D. 

□ E. 
^ F. 


$ {mybean [ '、name ” ] } 

${mybean.objects.a} 

${mybean[''params”] .a} 

$ {mybean. params [ ' 、 a” ] } 
${ mybean [''objects"] .a} 


-Options C a^a F will dausc c 代 o\rs. 

is NOT a List f\rofc\rby, a^d smde, 
w ok\c^ is NOT a a lookup 
be fcv-Pov-mcd (as opposed -to P a^d CJ- 
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Given a JSP page: 

1. The user has sufficiently logged in or out: 

2 . ${param.loggedln or param.loggedOut}. 

If the request includes the query string “ loggedOut:true 〃 ， what will be this 
statement’s displayed value? 

Q A. The user has sufficiently logged in or out : false. 

^ B. 


(JSP v2-.0 I 一从 

a 灼 d I - 3) 


□ G. 


□ D. 


d is because 

or 


The user has sufficiently logged in or out: true. 

The user has sufficiently logged in or out: ${param. the EL c^pv-cssio^ usmj 
loggedln or param. loggedOut}. 如 ill tvuc c， ^ cv " 

looked I 灼 or lo^cdOut is tvuc 

The user has sufficiently logged in or out: param. 
loggedln or param.loggedOut. 


□ E. The user has sufficiently logged in or out: or true. 


H Which about EL access operators are true? (Choose all that apply.) 

1/ 

la A. Anywhere the . (dot) operator is used, the [ ] could be used 
instead. 

Q B. Anywhere the [] operator is used, the. (dot)could be used 
instead. 

Q G. If the . (dot) operator is used to access a bean property but the 
property doesn’t exist, then a runtime exception is thrown. 

□ D. There are some situations where the . (dot)operator must be 


(JSP vZ.0 ” I - 岣 ) 

-Option d is \Uor^i because ovs\y 
O Will Y/o\rk 铣⑼ 
a) Lists ay>d a^ays, a^d W Maj>s 
Y/^ose keys av-c v>ot v/cll-Wmcd- 

命 W P 呼”七 


There are some situations where the . (dot)operator must be - 七么 ^ o^cvatov- 63^ 3l>w3V s 

used and other situations where the [ ] operator must be used. ^ 0 ^vcrtcdi "to tV'C C3 


The following code fragment appears in a JSP page: 

]q <j sp : include page= 〃 /jspf/header•html〃/> 

The JSP page is part of a web application with the context root myapp. 


(JSP mU> se 出⑼ ^ 


Given that the application’s top level directory is myapp, what is the path to the 

header. html file? 


□A. /header.html 
口 B. / j spf/header.html 
^ G. /myapp/j spf/header.html 
□ D. /includes/j spf/header.html 


- The path Asf-f/hcadcr.h-tml used as 
the value oVthc <\sy ： \uWAc> s pay 
aiiMt is v-clativc bo the v/ck aPfl^aW, s< 
a lead% badk slash (VO means at the 
s *tof level. 
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- : —~ :- : - : - : - : - : - (JSP 试出挪 H 今） 

An online jewelry retailer wishes to customize their online catalog for users who 

are logged in. They want to show specials for the user's birthstone month. The 
company’s special offers are stored as a Map<String t Special [ ] > identified as 
specials in application scope and updated daily. 

There is a bean stored as a session-scoped attribute named userlnfo. Galling 
getBirthdate () . getMonth () on this bean will return the user's birthstone 
month. 

Which of the following code snippets could correctly retrieve the appropriate special 
offerings? 

U A. ${ applicationScope[userlnfo.birthdate.month.specials] } 

${applicationScope.specials[userlnfo.birthdate.month]} 

${applicationScope["specials"].userlnfo.birthdate.month} 

${applicationScope["userlnfo.birthdate.month"].specials} 

-Oyhov^ d ^i\y ou^r g^\a\C3> ^ the 

I ^ mohlh value the usc/s biv-thday a^d 

uses that as the key b> scav-^h U a ^\a\C3 m -the Assumma a 

^ 败 %副 v-eU^ed. This EL ^ould be used m a 

-rov-tadh tag to i-tev-ate ovcv- -the v-ctuv-hcd specials. 


丄 Jl. 

^ B. 

□ G. 

□ D. 


A web based application for a major online movie rental retailer stores a 
List<Movie> as a session attribute to contain movies the user has requested. 
A random, embedded movie trailer from this list must display on the users’ 
main page every time the users’ main page is viewed. 

Management thinks a similar feature will be needed in the near future on 
other pages that display lists of movies. Streaming video is accomplished with 
regular HTML, just like adding images to a page but with more complex tags. 

The development team needs a solution that is both flexible and maintainable. 
One possible solution is to create an EL function. The following statements 
are from a team meeting concerning EL functions as a solution to this 
problem. Which statements are true? (Choose all that apply.) 

Q A. EL functions can not solve this problem because they can not retrieve 


(J^P vX-0 SC 出挪以） 


-Oftioh A : tKc rwovic list be passed 

as a -to the -Puh^tioh. 


□ B. 
^ G. 
^ D. 


-Option d' methods 七 hat irnf le 州 errt 
灼 s mus 七 always be 
dedlaved public av\d siah^ 


session attributes. 

The method implementing the EL function should not be declared 
static to give it access to session scope. 

The EL function can accept a parameter of java. util. List 
which will allow the needed movie list to be passed to it using EL. 

You might have to write HTML tags in the middle of Java code using mo,re flexible solu*tioh thah ohc "that 
an EL function, which is more difficult to maintain. youv- EL -Puhdtioh -to kdhdle 

scssioh as ih optiohs a ahd b. 


- 外七产 C: a List nr»ay be passed *to 

七 he TUhdtioh. Doih^ so provides 


438 chapter 8 


-Option P ： -the ki^gest veasowt *to cMoost as -bKc 

Ual solution TKc lea- tKose b> use a (\\t as iKe solut.o„ but 
also crM ar, EL 从 at adepts a Colle^W 

a Vd^aom humbev based or. si« o\ CoWttho^ 




9 using J5TL 


Custom tags are powerful 


/ You mean, I spent all 
this time writing scriptlets 
for the things I can't do with EL 
and standard actions, when I 
\ could have used JSTL? 



Sometimes you need more than EL or standard actions. 

What if you want to loop through the data in an array, and display one item per 
row in an HTML table? You know you could write that in two seconds using a for 
loop in a scriptlet. But you’re trying to get away from scripting. No problem. When 
EL and standard actions aren’t enough, you can use custom tags. They’re as 
easy to use in a JSP as standard actions. Even better, someone’s already written 
a pile of the ones you’re most likely to need, and bundled them into the JSP 
Standard Tag Library (JSTL). In this chapter we’ll learn to use custom tags, and 
in the next chapter we’ll learn to create our own. 


this is a new chapter 
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official Sun exam objectives 


O^ncrwn% 

-- 一 


Building JSP pages using tag libraries 


Coverage Notes: 


9.1 Describe the syntax and semantics of the ‘taglib’ 
directive: for a standard tag library, for a library of 
Tag Files. 


9.2 Given a design goal, create the custom tag 
structure to support that goal. 


9.3 Identify the tag syntax and describe the action 

semantics of the following JSP Standard Tag Library 
(JSTL vl.1) tags: (a) core tags: out, set, remove, 
and catch, (b) conditional tags: if, choose, when, 
and otherwise, (c) iteration tags: forEach, and (d) 
URL-related: url. 


All of the objectives in this section are covered 
in this chapter, although some of the content is 
covered again in the next chapter (Developing 
Custom Tags). 


Installing the JSTL 1.1 

The JSTL 1.1 is NOT part of the JSP 
2.0 specification! Having access to 
the Servlet and JSP APIs doesn’t 
mean you have access to JSTL. 

Before you can use JSTL, you need 
to put two files, “jstl.jar” and “standard. 
jar” into the WEB-INF/lib directory of 
your web app. That means each web 
app needs a copy. 

In Tomcat 5, the two files are already 
in the example applications that ship 
out-of-the-box with Tomcat, so all you 
need to do is copy them from one 
directory and put them into your own 
app’s WEB-INF/lib directory. 

Copy the files from the Tomcat 
examples at: 

webapps/jsp-examples/WEB-INF/ 

lib/jstl.jar 

webapps/jsp-examples/WEB-INF/ 

lib/standard.jar 

And place it in your own web app’s 
WEB-INF/lib directory. 
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using JSTL 


There's got to be a 
way to iterate through a 
collection in a 
scripting. I want to show 
one element per row in 
a table... 



EL and standard actions 
are limited 

What happens when you bump into a brick wall? 
You can go back to scripting, of course — but you 
know that’s not the path. 

Developers usually want way more standard actions 
or — even better — the ability to create their own 
actions. 

That’s what custom tags are for. Instead of saying 
<jsp:setProperty>, you want to do something like 
<my:doGustomThing>. And you can. 

But it’s not that easy to create the support code 
that goes behind the tag. For the JSP page creator, 
custom tags are much easier to use than scripting. 
For the Java programmer, however, building the 
custom tag handler (the Java code invoked when a 
JSP uses the tag) is tougher. 

Fortunately, there’s a standard library of custom 
tags known as the JSP Standard Tag Library 

(JSTL 1.1). Given that your JSP shouldn’t be doing 
a bunch of business logic anyway, you might find 
that the JSTL (combined with EL) is all you’ll ever 
need. Still, there could be times when you need 
something from, say, a custom tag library developed 
specifically for your company. 

In this chapter, you’ll learn how to use the core 
JSTL tags, as well as custom tags from other 
libraries. In the next chapter, we’ll learn how to 
actually build the classes that handle calls to the 
custom tags, so that you can develop your own. 
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where’s my html? 


The case of the disappearing HTML (reprised) 

On page 384, you saw how EL sends the raw string of content directly 
to the response stream: 


<div class='tipBox'> 

<b>Tip of the Day : </b> <br/> <br/> 
${pageContent.currentTip} 

</div> 


What 


ve^got / 


— 恤 ? T^e <\>></^> 
taas a»a^*t U ? as but 
i^oi as 

七^七 >was bolded* 


What we want 


<div class='tipBox'> 


<div class='tipBox'> 

<b>Tip of the Day : </b> <br/> 


<b>Tip of the Day : </b> <br/> <br/> 

<bx/b> tags make things bold! 


&lt;b&gt;&lt;/b&gt ; tags make things bold! 

</div> 


</div> 


TWis domes ou 七 
ds 3v\ w 'mvisiblc W 
bolded cmfby spate- 


Rendered as 



• 、 http://localhost:8080/testJSP1/Tester.do 


Rendered as 

l 




_ ' - ■ 1 1 [^p.:"!ocalhost:^080/testJSP1/Tester_do 


‘厂 


Tip of the Day: 


Tip of the Day: 

tags make things bold! 


<bx/b> tags make things bold! 


What we need is a way to convert those angle brackets into 
something the browser will render as angle brackets, and there 
are two ways to do this. Both use a static Java method that 
converts HTML special characters into their entity format: 


Use an EL function 


Use a Java helper method 


<div class='tipBox'> 

<b>Tip of the Day : </b> <br/> <br/> 

${fn:convEntity(pageContent.currentTip)} 
</div> 


<div class='tipBox'> 

<b>Tip of the Day : </b> <br/> <br/> 
${pageContent.convertedCurrentTip} 
</div> 



Wcrts *tV^C 
Kclpcv wc*tV^od 
•(jO w\dkc 七 WlS 

OV\t >WOV-k. 


public String getConvertedCurrentTip() { 

return HTML.convEntity(getCurrentTip()); 
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There's a better way: use the <c:out> tag 

Whichever approach you use, it’s a bit unclear exactly what’s 
going on... and you may have to write that helper method for 
all your servlets. Luckily, there’s a better way. The <c:out> 
tag is perfect for the job. Here’s how conversion works: 

You caw explicitly declare the conversion of XML entities 

If you know or think you might run into some XML entities 
that need to be displayed, and not just rendered, you can use the 
escapeXml attribute on c:out. Setting this to true means that any 
XML will be converted to something the web browser will render, 
angle brackets and all: 


<div class='tipBox '> 

<b>Tip of the Day : </b> <br/> <br/> 

<c : out value='${pageContent.currentTip}* escapeXml='true' / > 


</div> 

You caw explicitly declare NO conversion of XML entities 

Sometimes, you want just the opposite behavior. Maybe you’re 
building a page that takes content, and you want to display that 


Your HTML is brtaitd 

as )<HT/VIU m 七 um 

is … so 七 Wis 
HTML -too- 


content with HTML formatting. In that case, you can turn off 
XML conversion: 

<div class='tipBox'> 

<b>Tip of the Day : </b> <br/> <br/> 

<c : out value = 1 ${pageContent.rawHTML } 1 escapeXml: 
</div> 

Conversion happens by default 

The escapeXml attribute defaults to true, so you can leave it out if 
you want. A c : out tag without an escapeXML attribute is just the 
same as a c : out tag with escapeXML set to “true.” 

<div class='tipBox'> 

<b>Tip of the Day : </b> <br/> <br/> 

<c : out value='${pageContent.currentTip}' / > 

</div> 


false' /> 


^ TW l is ^ ^ 

as 





This is dd*bually iderrtidal m 
*to 七 his. ^_ 
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escaping html 


ffcereiEirejiP 

Dumb Questions 

Which HTML special characters are converted? 

A • 

It turns out this conversion is rather simple. There are only five 
characters that require escaping: <,>, &, and the two quote symbols, 
single and double n . All of these are converted into the equivalent HTML 
entities. For example, < becomes &lt;, & becomes &amp;, and so on. 

Last month my company hired a web consultant to audit our 
web application. She noticed that we were using EL everywhere to 
output strings entered by users. She said this was a security risk and 
recommended we output all user strings using the c:out tag. What gives? 


Character 

Character Entity Code 

< 

&lt; 

> 

&gt ； 

& 

&amp; 

! 

&#039; 

U 

&#034; 


A: 


Your consultant was right. The security risk she is referring to is called 


cross-site hacking or cross-site scripting. The attack is sent from one user 
to another user’s web browser using your webapp as the delivery mechanism. 




Userl 

‘cracker” 


The cracker enters a comment field in your webapp, 
which is stored in the database. The cracker includes 
viral JavaScript code in the comment. 


Your webapp 





User2 

“innocent’ 



The innocent user views the cracker’s comment, 
but the text the cracker entered also includes 
JavaScript code that compromises user2’s system! 



What happens if value of the EL expression is null? 


A • 

Good question. You know an EL expression ${evalsToNull} 
generates an empty string in the response output, and so will 
<c : out value="${evalsToNull} "/>. 


Wo>wscv, ^o.ls atta 

VaSCV*I • 


But that’s not the end of the story with c: out. The c: out tag is smart, and 
it recognizes when the value is null and can perform a special action. That 
action is to provide a default value... 
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Null values are rendered as blank text 

Suppose you have a page that welcomes the user by saying 
“Hello <user>.” But lately, users haven’t been logging in, and 
the output looks pretty odd: 

EL prints nothing if user is null 

<b>Hello ${user}.</b> 


Renders as 



A JSP expression tag prints nothing if user is null 

<b>Hello <%= user %> .</b> 


Renders as 





Sih f c 如 d <% 二嫩 ％> 

卜 etty s-t^hjc lookihg... 




Seta default value with the default attribute 


Suppose you want to show these anonymous users a message 
that says, “Hello guest.” This is a perfect place to use a 
default value with the c : out tag. Just add a default 
attribute, and provide the value you want to print if your 
expression evaluates to null: 

<c:out> provides a default attribute 



TK'»s value is output 』 如 value 
evaluates -to Jl. 


<b>Hello <c : out value= A ${user } r default='guest' />.</b> 


Renders as 



N ⑽七 he dehuli value is 


Or you can do it this way: 


<b>Hello <c : out value= f $ {user }' >guest</c : outx/b> 
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Looping without scripting 

Imagine you want something that loops over a collection (say, an array of 
catalog items), pulls out one element at a time, and prints that element in a 
dynamically-generated table row. You can’t possibly hard-code the complete 
table — you have no idea how many rows there will be at runtime, and of 
course you don’t know the values in the collection. The <c:forEach> tag is 
the answer. This does require a very slight knowledge of HTML tables, but 
we’ve included notes here for those who aren’t familiar with the topic. 


By the way, on the exam you are expected to know how to use <c:forEach> 
with tables. 


Servlet code 


String [ ] movieList = {''Amelie”，''Return of the King”，''Mean Girls’’}; 
request • setAttribute (''movieList” ， movieList); 


yas 3 ^ucsi 


What you want 



Movie list: 


Amelie 

Return of the King 
Mean Girls 




In a JSP ，with scripting 


<table> 

<% String [ ] items = (String []) request. getAttribute (''movieList^); 
String var=null; 

for (int i = 0; i < items.length; i++) { 

var = items[i]; 

%> 

<tr><td><%= var %></ td></tr> 

<% } %> 

</table> 
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<c:forEach> 

The <c:forEach> tag from the JSTL is perfect for this 
a simple way to iterate over arrays and collections. 

JSP code 

<%@ taglib prefix=’’c" uri=’’http ://j ava • sun • com/j sp/j stl/core" %> 
<htmlxbody> 

<strong> Movie list:</strong> 

<br><br> 


-it gives you 




<table> 

<c : forEach var="movie" items="${movieList}" > 


<tr> 




<td>${movie}</td> 
</tr> 




</c : forEach> 

</table> 




</body></html> 


Crash refresher on HTML tables 

<table> 


sWds U Table Re. 
<W> sta^ ^ TaW. Pa^a- 


<tr> 

<tr> 

<tr> 


<td>datd for this ce//</td> 

<td>data for this ce//</td> 

<td>data for this cell</td> 

<td>data for this ce//</td> 

<td>data for this ce//</td> 

<td>data for this cell</td> 

<td>data for this ce//</td> 

<td>data for this cell</td> 

<td>data for this cell</td> 


</tr> 
</tr> 
</tr> 


</table> 


Tables are pretty straightforward. They’ve got cells, arranged into rows 
and columns, and the data goes inside the cells. The trick is telling the 
table how many rows and columns you want. 

Rows are defined with the <tr> (Table Row) tag, and columns are 
defined with the <td> (Table Data) tag. The number of rows comes 
from the number of <tr> tags, and the number of columns comes from 
the number of <td> tags you put inside the <tr></tr> tags. 

Data to print/display goes only inside the <td> </td> tags! 
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the <c:forEach> tag 


Reconstructing <c:forEach> 


The <c:forEach> tag maps nicely into a for loop — the tag repeats the body of 
the tdigfor each element in the collection (and we use “collection” here to mean 
either an array or Collection or Map or comma-delimited String). 

The key feature is that the tag assigns each element in the collection to the 
variable you declare with the var attribute. 

The <c:forEach> tag 


<c : forEach var= 

’’movie” items=”${movieList}” > 

${movie} 


/ 、 _ 

</c : forEach> 






P o\/c\r 
o\r a 


String [ ] items = (String [ ] ) request. getAttribute (''movieList^) 
for (int i = 0; i < items.length; i++) { 

String movie = items[i]; 
out.println(movie); 


Getting a loop counter with the optional varStatus attribute 


ho 'ds ^ •/ 


<table> 

<c : forEach var=’’movie" items=’’$ {movieList}’’ varStatus="movieLoopCount' 
<tr> 

<td>Count : ${movieLoopCount. count} </td> 


> 


http://localhost:8080/testJSP1/Tester.do 


</tr> 

<tr> 

<td>${movie} <br><br></td> 
</tr> 



</c : forEach> 
</table> 


Hclp-Pully, -tKc 
L-oopTagS-ta-tus ^bss Kas 
a piropcv-ty tha-t 
gives you the value 

itematioh douh-tev-. 

Y i h a “ 

loop.) 


Count^T^ 

Amelie 


Count^T) 

Return of the King 

Count^T^ 

Mean Gins 
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You caw cvew west <c:forEach> tags 

What if you have something like a collection of collections? An array of 
arrays? You can nest <c:forEach> tags for more complex table structures. 
In this example, we put String arrays into an ArrayList, then make the 
ArrayList a request attribute. The JSP has to loop through the ArrayList 
to get each String array, then loop through each String array to print the 
actual elements of the array. 


Servlet code 


String [ ] moviesl = {''Matrix Revolutions”，''Kill Bill”，''Boondock Saints’’}; 
String [ ] movies2 = {''Amelie”，''Return of the King”，''Mean Girls’’}; 
j ava.util.List movieList = new j ava.util.ArrayList(); 
movieList.add(moviesl); 
movieList.add(movies2); 

request • setAttribute (''movies” ， movieList); 


JSP code 


<table> 






ouieir 

loop 


<c : forEach var= 〃 listElement 〃 items= 〃 ${movies }〃 > 

^ -- - 




\oo? 


<c: forEach var=^movie^ i teins: " 彡 / " listElement}" > 

<td>$ {movi e } </td> {he S^i hQ 

命> ^ r 


</c; forEach 〉 


</c : forEach> 


</table> 






^ 岛呼 J 






EE3G 


• http://localhost:8080/testJSP1/Tester.do 


Matrix Revolutions 
Kill Bill 

Boondock Saints 
Amelie 

Return of the King 
Mean Girls 
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the <c:forEach> tag 


^Jiereifirejio 

Dumb Questions 


How did you know that the "varStatus” attri¬ 
bute was an instance of whatever that was, and how 
did you know that it has a "count 〃 property? 


A I 

Ahhhh... we looked it up. 

It’s all there in the JSTL 1.1 spec. If you don’t have the 
spec already, go download it NOW (the intro of this 
book tells you where to get the specs covered on the 
exam). It is THE reference for all the tags in the JSTL, 
and tells you all the possible attributes, whether they’re 
optional or required, the attribute type, and any other 
details on how you use the tag. 

Everything you need to know about these tags (for the 
exam) is in this chapter. But some of the tags have a few 
more options than we cover here, so you might want to 
have a look in the spec. 


o ： 

Since you know more than you’re telling 
about this tag... does it give you a way to change the 
iteration steps? In a real Java for loop, I don’t have to 
do i++, I can do i +=3, for example, to get every third 
element instead of every element... 


A • 

Not a problem. The <c:forEach> tag has optional 
attributes for begin, end (in case you want to iterate 
over a subset of the collection), and step if you want to 
skip over some elements. 




Is the"c〃in <c:forEach> a required prefix? 


A ! 

Well, some prefix is required, of course; all tags 
and EL functions must have a prefix to give the Contain¬ 
er the namespace for that tag or function name. But you 
don’t HAVE to name the prefix "c”. It’s just the standard 
convention for the set of tags in JSTL known as "core". 
We recommend using something other than "c” as a 
prefix, whenever you want to totally confuse the people 
you work with. 


W&it! 


The ^var” variable is 
scoped to ONLY the tag! 


ThaVs riqht tag scope. No this isn’t a full-fledged scope 

^you can b in d : 二 

page, request, session, and application ^ag scope 
simply means that the variable was declared INSIDE 

loop. 

And vou already know what that means in Java terms. 

二 osf • a variable set w,th 

Var » attribute will be visible to whatever scope you 

:二工 “ S _” a_H OR ， 

the variable will default to page scope. 

So don ，t be fooled by code that tries to use the variable 
somewhere BELOW the end of the 
<c:forEach> body tag! 

<c:forEach var="foo" items^$ { fooList}" > 

${foo} 

</c:forEach> . 

II 〜 ^oo 讓 #、 s 

ho!! ^ 

foo>l ^ OVA -t s6oY^. 

for loop you all know and love. 


for (int 


0; 


x 


doSomething(i 


< items.length; i++) 
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Pomg a conditional include with <c:if> 

Imagine you have a page where users can view comments from other users. And 
imagine that members can also post comments, but non-member guests cannot. 

You want everyone to get the same page, but you want members to “see” more 
things on the page. You want a conditional <jsp:include > and of course, you don’t 
want to do it with scripting! 

What members see: What NON-members see: 




http://localhost:8080/testJSP1/Tester.do 


Member Comments 


This site rocks. 
ThL 、 xkt: /.v couL 
This she is stupid. 


Add vour commcm： 


Add Comment ' 


I T >' 


1 ' http://localhost:8080/testJSP1/Tester.do 


Mtmher Comments 

This sire rocks. 


This site is cooL 


This site is stupid. 


Wc 

to a?? ca “ 七 

NOT a 


JSP code 


%> 


set 


<%@ taglib prefix=’’c" uri =,, http : //j ava . sun . com/ j sp/j stl/core' 
<htmlxbody> 

<strong>Member Comments</strong> <br> 

<hr>${commentList}<hr> ^ — - ^ 办以 c , bascd ^ 

i\st s 



<c : if test="$ {userType eq 'member > 

<jsp : include page= A, inputComments . j sp’’/> 

</c : if> 

</body></html> 


Included page (“inputComments_jsp ”） 



如 、 "those avc £I^LB 

n uo ^ s airouhd W 州 be ， 

4^rgct that you 

usc double si^lc 

quotes ih you^r -tags a h d EL. 


<form action= 〃 commentsProcess•jsp” method= 〃 post〃> 

Add your comment : <br> 

<textarea name 二 "input" cols=’’40’’ rows=’’10’’></textarea> <br> 
<input name=^commentSubmit^ type= 〃 button 〃 value=〃Add Comment "〉 
</form> 
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the <c:if> tag 


Put what if you need an else? 


What if you want to do one thing if the condition is true, and 
a different thing if the condition is false? In other words, what 
if we want to show either one thing or the other, but nobody will 
see both? The <c:if^> on the previous page worked fine because 
the logic was: everybody sees the first part, and then if the test 
condition is true, show a little extra. 

But now imagine this scenario: you have a car sales web site, and 
you want to customize the headline that shows up on each 
page，based on a user attribute set up earlier in the session. 

Most of the page is the same regardless of the user, but each user 
sees a customized headline — one that best fits the user’s personal 
motivation for buying. (We are, after all, trying to sell him a car 
and become obscenely wealthy.) At the beginning of the session, a 
form asks the user to choose what’s most important... 


At the beginning of the session: 




' http://localhost:8080/testJSP1/Tester.do 


When buying a car, what is most 
important to you? 


Performance 
_ Safety 
:: Maintenance 




^ Submit % 


Somewhere later in the session: 


, _ 





http://localhost:8080/testJSP1/Tester.do 

.• i 



Now you can stop even if you do 
drive insanely fast. 



Imagine a web site for a 
car company. The first 
page asfe Ae user A^iathe 
feels is most important. 

Just like a good salesman, 
Ae pages Aat talk about 
features of Ae car will 
customize ike presentation 
based on ihe user's 
preference, so lhat each 
feature of Ae car looks 
like it was made widilJlS 
personal needs in mind... 


The Brakes 

Our advanced anti-lock brake system (ABS) 
is engineered to give you the ability to steer 
even as you’re stopping. We have the best 
speed sensors of any car this size. 
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The <c:if> tag wow't work for this 


There’s no way to do exactly what we want using the <c:if^> tag, because it 
doesn^t have an “else”• We can almost do it, using something like: 


JSP using <c:if>, but it doesn’t work right... 


<c : if test =,, $ {userPref= =/, performance r } ,r > 

Now you can stop even if you <em>do</em> drive insanely fast.. 

</c:if> 

<c : if test=’’$ {userPref= =/r saf ety f }’’ > 

Our brakes won't lock up no matter how bad a driver you are. 

</c:if> 

<c : if test =,, $ {userPref= =/, maintenance r } ^ > 

Lost your tech job? No problem--you won't have to service these brakes 


for at least three years. 
</c:if> 




-tV^csc? 


<!-- continue with the rest of the page that EVERYONE should see 


--> 


The <c:if^> won’t work unless we’re CERTAIN that we’ll never need a default 
value. What we really need is kind of an if/else construct:* 

JSP with scripting, and it does what we want 

<htmlxbody><h2> 

<% String pref = (String) session . getAttribute (''userPref ^); 
if (pref • equals (''performance ”）） { 

out. print In (''Now you can stop even if you <em>do</ em> drive insanely fast .’’）； 

} else if (pref • equals (''safety ”）） { 

out. print In (''Our brakes won't lock up, no matter how bad a driver you are. ; 

} else if (pref • equals (''maintenance ”）） { 

out.println('' Lost your tech job? No problem--you won't have to service these 
brakes for at least three years .’’）； 

} else { 

// userPref doesn't match those, so print the default headline 
out. println (''Our brakes are the best .’’）； 

} %> 

</h2><strong>The Brakes</strong> <br> 

Our advanced anti-lock brake system (ABS) is engineered to give you the ability to 
steer even as you're stopping. We have the 


/ 


匕:::力二. 


best speed sensors of any car this size. <br> 
</body></html> 


*Yes, we agree with you—there’s nearly always 
a better approach than chained if tests. But 
you’re just gonna have to suspend disbelief long 
enough to learn how this all works.... 
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I will CHOOSE you 

WHEN you are ready to give 
up your obsession with Pilates. 

OTHERWISE, I II have to go 
with Kenny for the synchronized 
swim team. 



The <c:choosc> tag and its partners 
<c:whcw> and <c:othcrwisG> 

<c : choose> 

<c : when test="${userPref == 'performance'}"> 


㈣ 与 !S r 

t 心:二 .） 


Now you can stop even if you <em>do</em> drive insanely fast. 

</c:when> 


<c : when test="${userPref == 'safety'}"> 

Our brakes will never lock up, no matter how bad a driver you are. 

</c:when> 

<c : when test="${userPref == 'maintenance A }"> 

Lost your tech job? No problem--you won't have to service these brakes 
for at least three years. 

</c:when> 


<c : otherwise 〉 

Our brakes are the best. 

</c : otherwise 〉 

</c : choose> 




<!-- the rest of the page goes here...--> 


No*tc ： <d ： dhoosc> is NOT 
\rc<\ui\rcd *to have a <^ ： o-thcv-y/isc> 
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The <c:sct> tag... so much cooler thaw <jsp:SGtPropGrty> 

The <jsp:setProperty> tag can do only one thing — set the property of a bean. 

But what if you want to set a value in a Map? What if you want to make a new entry in a Map? 
Or what if you simply want to create a new request-scoped attribute? 

You get all that with <c:set>, but you have to learn a few simple rules. Set comes in two 
flavors: var and target. The var version is for setting attribute variables, the target version is for 
setting bean properties or Map values. Each of the two flavors comes in two variations: with 
or without a body. The <c:set> body is just another way to put in the value. 

Setting an attribute variable var with <c:set> 

3 二 :: 


① With NO body 


NOT —— 

^ t W,s 

<c : set var="userLevel" scope=”session” value="Cowboy" /> 

_ / t , 崎 

/ou mST S ?C ^y 3 v , |uc； bu ； > 

: 。，仏 3 Uue ，r /r , 

，h thc ^9 b °dy (see #Z below). _ flpcvsoh.dog} evaluates 

’Fido" value=’’$ {person • dog}’’ /> •do IS o\ -type Pog. 


<c : set var: 


② WITH a body 


Rcmcmbcv, slasV^ 


<c : set var="userLevel" scope="session 
Sheriff, Bartender, Cowgirl 

</c : set> 


” > 




If the value evaluates tonulLthe variable will be 
REMOVED! That’s right ， removed. 

Imagine that for the value (either ("meaning 

tribute), you use ${person.dogh ${p . h then if there IS a variable 

there is no person, removed! (if you don^t specify 

attribute with a name Fido , th mnues t etc.). This happens even if 

a scope, it will start looking a or a Duck ， or a Broccoli. 

the 〒 ido” attribute was originally set as a string, u 
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Usmg <c:sct> with beans and Maps 

This flavor of <c:set> (with its two variations — with and without a body) 
works for only two things: bean properties and Map values. That’s it. 

You can’t use it to add things to lists or arrays. It’s simple — you give it 
the object (a bean or Map), the property/key name, and the value. 


Setting a target property or value with <c:set> 


① With NO body 


㈣ 淡士 


<c : set target="$ { PetMap } " property= rr do gN ame ^ value="Clover" /> 

夕 f 

iavyt must NOT be is a Ma ?) sd ih c 

^luc o+ a key _ c d u do 9 ^r, c w 


② WITH a body , ^ ^ 

\lo slasV> - ^3^ 

<c : set target=’’$ {person }’’ property=’’name" 

${foo.name} ^^ 

</c: set> c b °dy tayy a 


The “target” must evaluate to attribute! 

Vfrr type in the String “id” name of the bean or map 

齡—上 肿 < c .妙 TnZ s Z： 

- name ofthe scoped attribute ' 

under which the attnbute That means an EL expression ora 

一一 娜一 
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Key points and gotchas with <c:set> 

Yes, <c:set> is easy to use, but there are a few deal-breakers 
you have to remember... 


> You can never have BOTH the “var” and “target” 
attributes in a <c:set>. 

> “Scope” is optional, but if you don’t use it the default 
is page scope. 

> If the “value” is null, the attribute named by “var” 
will be removed! 

> If the attribute named by “var” does not exist, it’ll be 
created, but only if “value” is not null. 

> If the “target” expression is null, the Container 
throws an exception. 

> The “target” is for putting in an expression that 
resolves to the Real Object. If you put in a String 
literal that represents the “id” name of the bean or 
Map, it won’t work. In other words, “target” is not for 
the attribute name of the bean or Map—it’s for the 
actual attribute object 

> If the “target” expression is not a Map ora bean, the 
Container throws an exception. 

> If the “target” expression is a bean, but the bean 
does not have a property that matches “property”, 
the Container throws an exception. Remember that 
the EL expression ${bean.notAProperty} will also 
throw an exception. 


Dumb Questions 

o ： 

Why would I use the body version 
instead of the no-body version? It looks 
like they both do exactly the same thing. 


A • 

That's because they DO... do the 
same thing. The body version is just for 
convenience when you want more room for 
the value. It might be a long and complex 
expression, for example, and putting it in 
the body makes it easier to read. 


o ： 

If I don’t specify a scope, does that 
mean it will find attributes that are ONLY 
within page scope, or does it do a search 
beginning with page scope? 


A • 

If you don’t use the optional "scope’ 
attribute in the tag, then the tag will only 
look in the page scope space. Sorry, you 


will just have to know exactly which scope 
you are dealing with. 


o ： 

Why is the word "attribute" so 
overloaded? It means both "the things 
that go inside tags” and "the things that 
are bound to objects in one of the four 
scopes." So you end up with an attribute 
of a tag whose value is an attribute of the 
page and... 


A • 

We hear you. But that's what they're 
called. Once again, nobody asked US. 


We would have called the bound objects 
something like, oh, "bound objects”. 


you are here ► 


457 



the <c:remove> tag 



<c:rGmovG> just makes sense 

We agree with Dick — using a set to remove 
something feels wrong. (But remember, set does a 
remove only when you pass in a null value.) 

The <c:remove> tag is intuitive and simple: 


<%@ taglib prefix=’’c" uri=’’http ://j ava • sun • com/j sp/j stl/core" %> 
<htmlxbody> 


mi 


<c : set var= 〃 userStatus 〃 scope= 〃 request 〃 value= 〃 Brilliant 〃 / > 
userStatus : ${userStatus} <br> 




<c : remove var="userStatus" scope= 〃 request" /> 


userStatus is now : ${userStatus} 
</body></html> 







http://localhost:8080/testJSP1/Tester.do 


userStatus: Brilliant 
userStatus is now: 


丁彳 value of 

: 。 ㈣: 
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f^^rpen your pencil 


Test your Tag memory 

If you’re studying for the exam, don’t skip this one. 
The answers are at the end of the chapter. 


① Fill in the name of the optional attribute. 

<c : forEach var=’’movie" items=’’$ {movieList}’’ ： =’’foo" > 

${movie} 

</c : forEach> 


② Fill in the missing attribute name. 


<c : if _f=’’$ {userPref== f safety'}’’ > 

Maybe you should just walk... 

</c:if> 


⑤ Fill in the missing attribute name. 


<c : set var="userLevel" scope="session" ="foo" / > 


④ Fill in the missing tag names (two different tag types), and the missing attribute name. 

<c : choose> 

<c : ="$ {userPref == 'performance A } ,r > 

Now you can stop even if you <em>do</em> drive insanely fast. 
</c: > 


<c: > 

Our brakes are the best. 
</c: > 

</c : choose> 
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the <c:import> tag 


With <c:import> / there arc wow THREE 
ways to include cowtcwt 

So far, we’ve used two different ways to add content from another 
resource into a JSP. But there’s yet another way, using JSTL. 

① The include directive 

<%@ include file =, " Header . html^ %> 

Static: adds the content from the value of the file 
attribute to the current page at translation time. 


② The <jsp:include> standard action 


<jsp : include page=”Header•jsp” /> 

Dynamic: adds the content from the value of the 
page attribute to the current page at request time. 


⑤ The <c:import> JSTL tag 


s ㈣ 二匕 r 


<c : import url=〃http ://www.wickedlysmart.com/skyler/horse.html” /> 


Dynamic: adds the content from the value of the 
URL attribute to the current page, at request time. 
It works a lot like <jsp:include >, but it’s more 
powerful and flexible. 


Do MOT dom-fiASC <d ： ir»\po\rt> (a *tyfC 
•mdude) 七 he u impo\rt ，； a*t*tvibu*tc o( 

div-cdtivc (b way *fco pu*t a Java 
ir»\po\rt 的七 m sc\rvlc*t)- 
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<c:import> caw reach 0UTS1PE the web app 

With <jsp:include> or the include directive, you can include only pages that are part of the 
current web app. But now with <c:import>, you have the option to pull in content from 
outside the Container. This simple example shows a JSP on Server A importing the contents 
of a URL on Server B. At request time, the HTML chunk in the imported file is added to 
the JSP. The imported chunk uses a reference to an image that is also on Server B. 
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the <c:import> tag 


Customizing the thing you include 

Remember in the previous chapter when we did a <jsp:include> to 
put in the layout header (a graphic with some text), but we wanted to 
customize the subtitle used in the header? We used <jsp:param> to 
make that happen... 

① The JSP with the <jsp:include> 

<htmlxbody> 


<jsp : include page="Header•j sp"> 

<jsp:param name="subTitle’’ value="We take the sting out of SOAP." /> 
</jsp : include> 

<br> 

<em>Welcome to our Web Services 
Contact us at: ${initParam.main 
</body></html> 

② The included file (“Header.jsp ”） 


<img src=’’images/Web-Services . jpg" > <br> 

<em><strong>$ {param. subTitle }</strongx/em> 
<br> 


Support Group.</em> <br><br> 
mail} 


© o o 


^ e 


0 http://localhost:8080/tests/Contact.jsp 


Or Coogle 


PP JZSE lv5 in a IMutshel! Colorado C...opers Home Slashdot: N ： e...hat matttrs orkjl - h&me java.net 》 


雜说'〆② 

We take the sting out of SOAP. ^ 

Welcome to our Web Services Support Group. 

Contact us at: likewecare@wickedlysmart.com 


JSP sctM ^ as 
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Pomg the same thiwg with <c:param> 


Here we accomplish the same thing we did on the previous page, but 
using a combination of <c:import> and <c:param>. You’ll see that the 
structure is virtually identical to the one we used with standard actions. 


① The JSP with the <jsp:import> 


<%@ taglib prefix=’’c" 
<htmlxbody> 


uri=’’http : //j ava . sun . com/ jsp/jstl/ core" %> 


/ —N, |no SldSn, UCUO - 

★> % W a W7 


Ko slasV., betake KOW 


<c : import url="Header•j sp 


<c : param name= 〃 subTitle 〃 value=〃We take the sting out of SOAP .〃 /> 
</c : import> 

<br> 、 

<em>Welcome to our Web Services Support Group.</em> <br><br> 

Contact us at: ${initParam.mainEmail} 

</body></html> 


② The included file (“Header.jsp”) 


<img src =, ^images/Web-Serv 



es.jpg 


> <br> 



<em><strong>$ {param. subTitle }</strongx/em> 
<br> 
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URL rewriting in a JSP 



He missed the point... I said 
''guarantee". My real question is—if 
the client doesn’t support cookies, how 
can I get URL rewriting to happen? How 
can I get the session ID added to 
the URLs in my JSP? 
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Session tracking 
happens automatically with 
JSPs, unless you explicitly disable 
it with a page directive that has 
a session attribute that says 
session= ,, false ,f . 












using JSTL 


<c:url> for all your hyperlmk needs 

Remember way back in our old servlet days when we wanted to use a session? First 
we had to get the session (either the existing one or a new one). At that point, the 
Container knows that it’s supposed to associate the client from this request with a 
particular session ID. The Container wants to use a cookie — it wants to include a 
unique cookie with the response, and then the client will send that cookie back with 
each subsequent request. Except one problem... the client might have a browser with 
cookies disabled. Then what? 

The Container will, automatically, fall back to URL rewriting if it doesn’t get a cookie 
from the client. But with servlets, you STILL have to encode your URLs. In other 
words, j ⑽ still have to tell the Container to “append the jsessionid to the end of this 
particular URL...” for each URL where it matters. Well, you can do the same thing 
from a JSP, using the <c:url> tag. 


URL rewriting from a servlet 


public void doGet(HttpServletRequest request, HttpServletResponse 

throws 工 OException, 

response . setContentType ( 、 'text/html 〃）； 

PrintWriter out = response.getWriter(); 

HttpSession session = request.getSession(); 


out. println (''<html><body>^); 

out .println (''<a href=\’’’’ + response. encodeURL (''/BeerTest.do 

out • println (''</body></html>") ; ^ ^ 

Add ^ e 如 sess^lP 丄 加陳 . 


URL rewriting from a JSP 

<%@ taglib prefix=’’c" uri=’’http ://j ava • sun • com/j sp/j stl/core" %> 
<htmlxbody> 

This is a hyperlink with URL rewriting enabled. 


<a href="<c:url value =, /inputComments . jsp f />">Click here</a> 


</body></html> 


，- 

TWk Adds *tV\c \scss»ov\ui *to 

vclatwc URL ^ok'cs ave a.sakUd . 


response) 

ServletException { 


)+ 、 '\">click</a>"); 
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the <c:URL> tag 


What if the URL needs encoding? 


Remember that in an HTTP GET request, the parameters are appended to the URL as a query string. 
For example, if a form on an HTML page has two text fields — first name and last name — the request 
URL will stick the parameter names and values on to the end of the request URL. But...an HTTP 
request won’t work correctly if it contains unsafe characters (although most modern browsers will try to 
compensate for this). 

If you’re a web developer, this is old news, but if you’re new to web development, you need to know 
that URLs often need to be encoded. URL encoding means replacing the unsafe/reserved characters 
with other characters, and then the whole thing is decoded again on the server side. For example, 
spaces aren’t allowed in a URL, but you can substitute a plus sign “+” for the space. The problem is, 
<c:url> does NOT automatically encode your URLs! 


Using <c:url> with a query string 

Remember, the <c:url> tag does URL rewriting, but not URL encoding! 



㈣ r'fk 

一 - to 咖 S vaW 




<c : url value="/inputComments • jsp?first=${first} &last=${last}" var="inputURL" /> 

The URL using params is: ${inputURL} <br> 


eon 


|/1 :圳 hvJSPl ^TesiBean.Jiiip 


A 


< 0 http://localhost:808 


O,- 


Gp 1.^- in 3, iNuExhill G . op«rs Kf>om« bUs-hihri: i 


maecers- ork<ul - I 


The URL using params is: /myApp/inputComments. 
j sp ?fir st=Crouching Pixels&last=Hidden Cursor 

7<wVe 。。 七 s 咐 b V>ave 
spates a lARL*. 


二 Ue ♦“ 七 “ — + S , 


Using <c:param> in the body of <c:url> 

This solves our problem! Now we get both URL rewriting and URL encoding. 

、。 sldsV^ 



<c : url value=’’/inputComments • j sp’’ var=’’inputURL 

<c : param name=”firstName" value="${first}" /> 

<c : param name="lastName" value="${last}" /> 

</c :url> [vJoyj YicVc 


sa^c, because <^?avam> 

takes tart 


Now the URL looks like this: __ ^ 

/myApp/inputComments.jsp?firstName=Crouching+Pixels&lastName=Hidden+Cursor 
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using JSTL 


J rm interrupting this JSTL ) 
talk for a few moments to 
talk about your error-handling. 
Were about to do something that 
might cause an exception... 


% 



You do NOT wawt your clients to see this: 


0^0 


Apache Tomcat/S.0.19 - Error report 




G 

十 


© http: //localhost:UUHU/kathyj^Pl /choose I est.jsp 


boogie 


QQ J2SE 1.5 in ck Nutshell Colorado C...opc.rs Home SlashdotL Nc...hat matters orkut home java.net 


3^ 


HTTP Status SOO 


Exception report 


message 


escriplio 


xception 


The server encounlered an internal error H that prevented it finofii flillilliria this reauest 


org . apaclio . jasper . JasperException: / by zero 

orq .apache.jasper.servlet-JspServletWrapper.service(JspServletWrapper.java:358 
org.apache.jasper.servlet-JspServlet.serviceJspFile(JspServlet.java 2 301) 
org.apacne.jasper.servlet.Jsp^erviet.service{JspServlet■javas ) 
ja;vax - servlet.h11p- HttpServlet. service j HttpServlet - javas 856 ) 


root cause 


java *lang - ArithmeticException : / by zero 

org.apache.j sp.ChooseTest_j spj spService(ChooseTest_jsp.java:62) 
org.apache.jasper.runtime.HttpJspBasa. s e rvi ce(HttpJspBase- java:13 3 J 
javax-servlet.http.HttpServlet.service(HttpServlet.javas856) 

org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:311) 
orq .apache.j asper.servlet.JspServlet.serviceJspFile(JspServlet.javas301) 
org . apache . Jasper,servlet■JspseirviLet ■ service{Jspservlet. java s 2 4S j 
javax-servlet.http.HttpServlet.service(HttpServlet-javas856) 

TE3 The full stack trace of the root cause is available in itie Tomcat Ioqb. 


ache Tomeai/5.0.19 
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error pages 


Make your own error pages 


The guy surfing your site doesn’t want to see your stack trace. And he’s not too thrilled 
to get a standard “404 Not Found” ， either. 


You can’t prevent all errors, of course, but you can at least give the user a friendlier 
(and more attractive) error response page. You can design a custom page to handle 
errors, then use the page directive to configure it. 


The designated ERROR page (“errorPage.jsp”) 

<%@ page 


isErrorPage =〃 true j 


%> 


，s 


<htmlxbody> 

<strong>Bummer.</strong> 

<img src=^images/bummerGuy. jpg’’> 
</body></html> 


The BAD page that throws an exception (“badPage_jsp ”） 


<%@ page 


errorPage= A, errorPage. jsp ; 


%> 


<htmlxbody> 
About to be bad. 
<% int x = 10/0; 
</body></html> 


%> 


Tcll$ ihc Coh^ii hcv . ^ 


What happens when you request M badPage_jsp ’， 

0 O O Apache TQfncaty5„0-19 - Erf Of repon 

- ]fc~| H- I W http://localhost:8080/tests/badPage.jsp 


， Qj Gooqle 



^ 

W / a :— 七’， sothc 
RgSPOKSt- tame Wor^ 
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using JSTL 


It will take me FOREVER to put 
page directives in all my JSPs, to 
specify the error page to use. And 
what if I want a different error page 
depending on the error? If only there 
were a way to configure error 
pages for the whole web app." 


O o 



She doesn't know about the <error-page> I?I? tag. 

You can declare error pages in the DD for the entire web app, and you 
can even configure different error pages for different exception types, or 
HTTP error code types (404, 500, etc.). 

The Container uses <error-page> configuration in the DD as the 
default, but if a JSP has an explicit err or Page page directive, the 
Container uses the directive. 
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error pages in the DD 


Configuring error pages m the PP 

You can declare error pages in the DD based on either the <exception-type> or 
the HTTP status 〈 error-code 〉 number. That way you can show the client different 
error pages specific to the type of the problem that generated the error. 

Declaring a catch-all error page 

This applies to everything in your web app 一 not just JSPs. 

You can override it in individual JSPs by adding a page 
directive with an err or Page attribute. 

<error-page> 

<exception-type>java.lang.Throwable</exception-type> 
<location>/errorPage.jsp</location 〉 

</error-page> 

Declaring an error page for a more explicit exception 

This configures an error page that’s called only when there’s an 
ArithmeticException. If you have both this declaration and the 
catch-all above, any exception other than ArithmeticException 
will still end up at the “errorPage.jsp”. 

<error-page> 

<exception-type>java.lang.ArithmeticException</exception-type> 
<location>/arithmeticError.jsp</location 〉 

</error-page> 


Declaring an error page based on an HTTP status code 

This configures an error page that’s called only when the status 
code for the response is “404” (file not found). 

<error-page> 

<error-code>404</error-code> 

<location>/notFoundError.jsp</location 〉 


</error-page> 




i\\t cv-vov fay 
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Error pages get aw extra object: exception 


An error page is essentially the JSP that handles the exception, so the 
Container gives the page an extra object for the exception. You probably 
won’t want to show the exception to the user, but you’ve got it. In a 
scriptlet, you can use the implicit object exception, and from a JSP, you 
can use the EL implicit object S{pageGontext.exception}. The object is 
type java.lang.Throwable, so in a script you can call methods, and with 
EL you can access the stackTrace and message properties. 


A more explicit ERROR page (“errorPage.jsp”) 



Note : 如 ― 比 ’ 1 七 is 

ava'ildkle OKLVto tc 悚 ?ays an 

pay 


<%@ page isErrorPage= 〃 true 〃 %> 

<htmlxbody> 

<strong>Bummer.</strong><br> 


| 於 ottev v/ov-ds, m 

… PP “o 七 e— k ▲如 Co^tamcv- 

3 We \>a 3 e tte —^ a 听 W objedt. 


You caused a 


${pageContext.exception} 


on 


the 


server.<br> 


<img src =,, images/bummerGuy. jpg’’> 
</body></html> 


What happens when you request M badPage_jsp” 


©oo 


Apjt-hi; Tyrntdl/S-0.19 EfBU-r lepoii 



r^ir+i 

■ http://localhost:8080/tests/badPage.jsp 〜 bi- 


rn i n 

in n 

E nlarjida 1. apf-p-^ Ham#- sUshdd N> hiit nuiHf-r^ srhuf harru 1 jav^.n^t 

» 


Bummer. 



TW、s We, ^ AT 代 
deta-as- You —aWy 

“t skw tW«s 
\jO\ji 乙 ouU SCC 、七 ’ 
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the <c:catch> tag 


What if I think there's 
an exception I might be able 
to recover from in a JSP? What 
if there are some errors I 
want to catch myself? 


The <c:catch> tag. Like iry/oaioh...sort of 



If you have a page that invokes a risky tag, but you think you can 
recover, there’s a solution. You can do a kind of try/catch using the 
<c:catch> tag, to wrap the risky tag or expression. Because if you 
don’t，and an exception is thrown, your default error handling will 
kick in and the user will get the error page declared in the DD. The 
part that might feel a little strange is that the <c:catch> serves as 
both the try and the catch — there’s no separate try tag. You wrap the 
risky EL or tag calls or whatever in the body of a <c:catch>, and the 
exception is caught right there. But you can’t assume it’s exactly like a 
catch block, either, because once the exception occurs, control jumps 
to the end of the <c:catch> tag body (more on that in a minute). 

<%@ taglib prefix=’’c" uri=’’http ://j ava • sun • com/j sp/j stl/core" 
<%@ page errorPage =,, errorPage . j sp^ %> 


%> 



<htmlxbody> 


About to do a risky thing : <br> 


<c : catch> 

<% int x = 10/0; %> 

</c : catch> 

If you see this, we survived. 
</body></html> 


This s^\rip*tlc*t will DEFIKITEL^/ 

^ause 的 … bu 七 wc dau # 七 i 七 

cv-\rov- paje- 

l-f out v/c 

wc i*t pas 七 c 乂灼 

(y/hidh \y\ *this example, y/e 

su^dcss-fully 


000 


http://localhost:8080/tests/risky.jsp 

LXJ J^'&C I-S In i Nu^shfli C 4p«rs H#mc N« hdi i 


- 

*rkui 


■v 


About to do a risky thing: 

If you see this, we survived. 

诎 c ^usi 

^ 3vc worked... 
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But how do I get access to 
the Exception object? The 
one that was actually thrown? 
Since this isn’t an actual error 
page, the implicit exception 
object doesn't work here. 



You can make the exception an attribute 

In a real Java try/catch, the catch argument is the exception object. 

But with web app error handling, remember, only officially - de signated error 
pages get the exception object. To any other page, the exception just isn’t 
there. So this does not work: 

<c : catch> 

Inside the catch... 

<% int x = 10/0; %> 

</c : catch> 

Exception was : ${pageCont 



exception} 


N,ovk because tw»s 
“U, ev-vo, 

s 。 



嘁 4 


Using the tfi var’’ attribute in <c:catch> 

Use the optional var attribute if you want to access the exception after 
the end of the <c:catch> tag. It puts the exception object into the page 
scope, under the name j ⑽ declare as the value of var. 

<%@ taglib prefix=’’c" uri=’’http ://j ava • sun • com/j sp/j stl/core" %> 
<%@ page errorPage =,, errorPage . j sp^ %> 

<htmlxbody> 


About to do a risky thing : <br> 

<c : catch var= 〃 myException〃> 


TW, a ^ 以以 “ 

㉝ :::濟“ 


Inside the catch... 
<% int x = 10/0; %> 


</c : catch> 


<c : if test=’’$ {myException ! = null} ,r > 

There was an exception : $ {myException. message } <br> 

</c:if> 


We survived. 
</body></html> 


u 
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the <c:catch> tag 


Flow control works in a 《抑 

Jnatry block-NOTHING runs ms.de the <c-catc 
body after the exception. 

In a regular Java try/catch, once th ^ exc ^ 

things happen: 

1) lf you used the options,^ attribute, the exception object is assigned to ,t 

2) Flow jumps to below the body of the <c.catch> tag. 


<c:catch> 


Inside the catch.•• 
<% int x = 10/0; %> 

^After the catch... 


You\\ Ntvw 


see 


tw»s! 


</c:catch> 
We survived 


Be careful about this. If you want 匕：二二二 ：： Mother words, there 

： Xl A noZ __ 

catch block, but it isn t. A _ a t that neve r needs (or has) a 

is, rather than TyoTs^ ^ iS ^ 

： h T^ exception is t h ro W n,^ 


474 chapter 9 



using JSTL 


What if you weed a tag thafs NOT m JSTL? 

The JSTL is huge. Version 1.1 has five libraries — four with custom tags, and one 
with a bunch of functions for String manipulation. The tags we cover in this book 
(which happen to be the ones you’re expected to know for the exam) are for the 
generic things you’re most likely to need, but it’s possible that between all five 
libraries, you’ll find everything you might ever need. On the next page, we’ll start 
looking at what happens when the tags below aren’t enough. 


The “Core” library 

General-purpose 

<c : out> 

<c : set> 

<c : remove> 

<c : catch> 

Conditional 

<c : if> 

<c : choose> 

<c : when> 

<c : otherwise 〉 

URL related 

<c : import> 

<c:url> 

<c : redirect 〉 

<c:param> 

Iteration 

<c : forEach 〉 

<c : forTokens> 



Wlc didn't OY\t- i 七 lets 

you i*tc\ra-tc ovcv" tokens y/hc\rc ^OU 
jive i*t dclirwi-tcv-. lVo\rks d lo 七 
like S*tv"'mgTokc^izjC\r. Wc also did 灼’七 
dovcv <drcdiV"Cdt> and <d:ou*t>, bu*t 
gives you 3 woir\dc\r-ful 
*to JSTL dots. 


The “Formatting” library The “XML” library 

Internationalization Core XML actions 


<fmt: message 〉 

<fmt:setLocale> 

<fmt:bundle> 

<fmt:setBundle> 

<fmt :param> 

<fmt:reque s tEncoding> 


Formatting 

<fmt: timeZone> 
<fmt:setTimeZone> 
<fmt:formatNumber> 
<fmt:parseNumber> 
<fmt:parseDate> 


<x:parse> 

<x : out> 

<x:set> 

XML flow control 

<x:if> 

<x : choose> 

<x : when> 

<x:otherwise 〉 
<x:forEach> 


Transform actions 

<x:transform 〉 
<x:param> 


The “SQL” library 

Database access 

<sql : query> 

<sql : update 〉 

<sql : setDataSource> 
<sql : param> 

<sql : dateParam> 


o 

o 


onfy the ；f cora ；； ffbrary fe 

covered on the exam. 

The 

了 二工 r 二 

'tare _ ㈣ f 

available The ^ your , ife if you 

Dr examp/e, 伯 ㊀ 机 Wrjting y0 ur 
o process ain s0 make 
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reading the TLD 


Usmg a tag library thafs NOT from the JSTL 


Creating the code that goes behind a tag (in other words, the Java code 
that’s invoked when you put the tag in your JSP) isn’t trivial. We have a 
whole chapter (the next one) devoted to developing your own custom 
tag handlers. But the last part of this chapter is about how to use custom 
tags. What happens, for example, if someone hands you a custom tag 
library they created for your company or project? How do you know what 
the tags are and how to use them? With JSTL, 
it’s easy — the JSTL 1.1 specification documents 
each tag, including how to use each of the 
required and optional attributes. 


But not every custom tag will come so nicely 
packaged and well-documented. You have 
to know how to figure out a tag even if the 
documentation is weak or nonexistent, and, 
one more thing — you have to know how to 
deploy a custom tag library. 

Main things you have to know: 
① The tag name and syntax 


To 咖 a custom library^ 

you MOST readme TLD. 

Everyto^y ouIieedto 


The tag has a name, obviously. In <c:set>, the tag name is set, and 
the prefix is c. You can use any prefix you want, but the name 
comes from the TLD. The syntax includes things like required 
and optional attributes, whether the tag can have a body (and 
if so, what you can put there), the type of each attribute, and 
whether the attribute can be an expression (vs. a literal String). 


② The library URI 

The URI is a unique identifier in the Tag Library Descriptor 
(TLD). In other words, it’s a unique name for the tag library the 
TLD describes. The URI is what you put in your taglib directive. 
It’s what tells the Container how to identify the TLD file within 
the web app, which the Container needs in order to map the tag 
name used in the JSP to the Java code that runs when you use 
the tag. 
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Making sense of the TLP 


\ZJC . 七 .. 


The TLD describes two main things: custom tags, and EL functions. We 
used one when we made the dice rolling function in the previous chapter, 
but we had only a 〈 function〉element in the TLD. Now we have to look 
at the <tag> element, which can be more complex. Besides the function we 
declared earlier, the TLD below describes one tag, advice. • OYV 

丁 w 、 s .H? 入 0 . W’dA. 

<?xml version=’’l • 0" encoding=’’ISO-885 9-1" ?> ^ \jo\A ^ovaV* ' 

<taglib xmlns=’’http ://j ava • sun • com/xml/ns/j 2ee" wst ' 

xmlns : xsi=’’http : / / www. w3 . org/2001/XMLSchema-instance^ 

xsi : schemaLocation=’’http : //java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" 
version= 〃 2•0〃> 


twt 


<tlib-version>l.2</tlib-version> 


<short-name>RandomTags</short-name> 

<function> 

<name>rollIt</name> 

<function-class>foo.DiceRoller</function-class> 

<function-signature>int rollDice()</function-signature 〉 
</function 〉 


%: 二 ’ 
mmwRY ； , aihly ^ ^ 


The -Puh^-tioh wc 

咐 d i“he bsi “ 


<uri>randomThings</uri> 


<tag> 


The 


Uhi n u « wc use 


ih ihc di^iive/ 






代 a\\” ooA .、 dca ’’ 


<description>random advice</description> 

<name>adv il e</name> C ^ ( 〜 ♦ 呼控 _>). 贼麟 pl ^2^ ^ "" 
<tag-class>foo. AdvisorTagHandler</tag-class> y __ s m 3 

<body-content>em P ty</body-content> ^ W |RED./ This says the tag 

你 ust HOT have ahytliihg ih the body. 

I| youv* tag has aUvibutcs, thch ohc <aUv-ibu-tc> 

dcmcht fc\r tag aUvibulc is 代％代 d. 

-- - ^ 

“This 尸 y s y ou MUST put a 
<required>true</required>^ USCf ih the tag. 

<rtexprvalue>true</rtexprvalue> -p^\ s LSlafucal 

金 : iX 咖咖 a 、). 


<attribute> 


</attribute> 


doesn't V>avc 


</tag> 

</taglib> 


you are here ► 477 




reading the TLD 


Usmg the custom Advice" tag 

The “advice” tag is a simple tag that takes one attribute — the user 
name — and prints out a piece of random advice. It’s simple enough 
that it could have been just a plain old EL function (with a static 
method getAdvice(String name))，but we made it a simple tag to 
show you how it all works... 


The TLD elements for the advice tag 


<taglib ...> 


<uri>randomThings</uri> 

<tag> 

<description>random advice</description 〉 
<name>advice</name> 

<tag-class>foo.AdvisorTagHandler</tag-class> 
<body-content>empty</body-content> 


<attribute> 

<name>user</name 
<requ:L^^%true</rlquir 


'texprvalue>true</rte 
</attribute 〉 


value> 


</tag: 

</taglib f;... > 


JSP that uses the tag 


<htmlxbody> 


<%@ taglib prefix= 〃 mine 〃 tin 

Advisor Page<br> 



TW,s ,s ^ saw ㈣ 7 ⑽广 
Without 


口 




ndomThings 〃 ％> 


Its bo use EL because <vtc%fvcvaluc> 

| % ，〜 、 m ^ TLP is set *to w jbrue” k ^ usev 

〈 mine: advice user="${userName}" /> (Assume {\\t a*t*tv-ibu-tc s\reBdy 


</body></html> 


Uc TLP says V^avc a body, so y/c ^adc \i 

an empty ^ a slasW. 


lib^y y ou use ih a 
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The custom tag handler 

This simple tag handler extends SimpleTagSupport (a class you’ll 
see in the next chapter), and implements two key methods: doTag(), 
the method that does the actual work, and setUser(), the method 
that accepts the attribute value. 


Java class that does the tag work 


package foo; 

import javax.servlet.j sp.JspException; 
import javax.servlet.j sp.tagext.SimpleTagSupport; 
import java•io • 工 OException; 

public class AdvisorTagHandler extends SimpleTagSupport 




private String user; 


讪伙 tUSP evokes 




i\\t 


public void doTag () throws JspException, 工 OException { 

get JspContext () . getOut () . write ( ''Hello '' + user +、' <br >〃 ); 
get JspContext () .getOut() .write ( ''Your advice is: '' + getAdvice () 


public void _ 

this.user=user; 


String getAdvice() 

m rr f 1 ^ -i r* a 


— r(string 二濟£&:? 故以 


String [ ] adviceStrings = {''That color's not working for you. 


''You should call in sick." 
int random = (int) (Math.random() 
return adviceStrings[random]; 


''You might want to rethink that haircut 
* adviceStrings.length); 


OvaV 




Custom tag handlers don 5 t use 
' custom method names! 
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understanding <rtexprvalue> 


Pay attewtiow to <rtcxprvaluG> 

The <rtexprvalue> is especially important because it tells you 
whether the value of the attribute is evaluated at translation or 
runtime. If the <rtexprvalue> is false, or the <rtexprvalue> isn’t 
defined, you can use only a String literal as that attribute’s value! 

If you see this: 

<attribute> 

<name>rate</name> 

<required>true</required 〉 

<rtexprvalue>f alse</ rtexprvalue> 

</attribute 〉 


OR this: 


<attribute> 

<name>rate</name> 
<required>true</required 〉 


</attribute 〉 






Then you know THIS WONT WORK! 


<htmlxbody> 

<%@ taglib prefix="my" uri="myTags 


s"%>__ 


< m y：handlelt rate-^cur^te}^ /> 

</bodyx/html> ，以 Z—W. 


You still didn’t answer the question about how you know what type 
the attribute is... 


We’ll start with the easy one. If the <rtexprvalue> is false (or not there 
at all), then the attribute type can be ONLY a String literal. But if you can 
use an expression, then you have to hope that it’s either dead obvious from 
the tag description and attribute name, OR that the developer included the 
optional <type> subelement of the <attribute> element. The <type> takes a 
fully-qualified class name for the type. Whether the TLD declares the type or 
not, the Container expects the type of the expression to match the type of 
argument in the tag handler’s setter method for that attribute. In other words, 
if the tag handler has a setDog(Dog) method for the "dog” attribute, then the 
value of your expression for that attribute better evaluate to a Dog object! (Or 
something that can be implicitly assigned to a Dog reference type.) 
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<rtcxprvaluG> is NOT just for EL expressions 

You can use three kinds of expressions for the value of an attribute (or tag 
body) that allows runtime expressions. 

① EL expressions 

〈 mine:advice user="${userName}" /> 


② Scripting expressions 


<mine : advice user= f <%= request.getAttribute (''username 




I 七 has *to be a” r\oi jus*t a stviflct 

So i 七 must Kavc i\^t Si^ m 七 kve and ⑽ 
scw'idolon or\ cr\d- 



(§) <jsp:attribute> standard actions 

〈 mine:advice> 

<jsp : attribute name="user">${userName}</jsp:attribute 〉 
</mine : advice> 

is tW.s?? I tKis A\Ar!i Kavc a body … 


f 二 r 二 ^ 

“empty” in the TLD!! 

The <jsp:attribute> is simply an a/f J rn ^ tag. So 

is, there must be only ONE u attributes IN the tag (as opposed to in the 

if you have a tag that normally ta <i S p-attribute> tags, one for each at- 

body), then inside = 触 an attribute of its own, name, where you 

for Wh ic h yo.re settin, a V a„e. 

rS a ^/e more about this on t h e next page... 


/> 
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tag bodies 


What cm be m a tag body 

A tag can have a body only if the <body-content> element for this tag is 
not configured with a value of empty. The <body-content> element can 
be one of either three or four values, depending on the type of tag. 

A. NOT V^c a 
TV>e wVA$t ^ 


<body-content>empty</body-content> 


bod'/* 




<body-content>scriptless</body-content> s6W 

te 




<body-con tent>tagdependent< /body-con tent> The body is as fla'm so 七 he EL is 

KOT and tajs/adtio^s av-c r>o*t V^jcv-cd- 

<body-content>JSP</body-content> Thc ^ body ta^ have that ta^ 50 msidc a JSP- 


THREE ways to invoke a tag that can’t have a body 


Each of these are acceptable ways to invoke a tag configured in 
the TLD with <body-content> empty </body-content>. 


① An empty tag 


<mine : advice user=’’$ {userName }’’ / > 






② A tag with nothing between the opening and closing tags 

<mine : advice user=’’$ {userName} ’’> </mine : advice 〉 


\ 


■: it：；. 


(S) A tag with only <jsp:attribute> tags between the opening and closing tags 

<mine : advice> 

<jsp : attribute name=’’user">$ {userName}</jsp: attribute 〉 

</mine : advice> 


I u hc tag is ihc OHU/ iW^ you .a. Put between 

tlSlPs ^ ''I? ^ ^ ^ With aY<b ^Lw 

< 、 S’A 严广 way h> put the attv-ibutes m, but 

<jsp.aUnbuto -bgs do^i douh-t as %ody 乙。 士 # 
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The tag hawdlei ： the TLR awd the JSP 

The tag handler developer creates the TLD to tell both the 
Container and the JSP developer how to use the tag. A JSP 
developer doesn’t care about the <tag-class> element in 
the TLD; that’s for the Container to worry about. The JSP 
developer cares most about the uri，the tag name, and the tag 
syntax. Gan the tag have a body? Does this attribute have to 
be a String literal, or can it be an expression? Is this attribute 
optional? What type does the expression need to evaluate to? 

Think of the TLD as the API for custom tags. You have to 
know how to call it and what arguments it needs. 


JSP that uses the tag 

<html> <bod ^ > s ^%> 

" mine " uri^^randomThxngs O 

<%@ taglib pref^ mxne 、 

： <br> 


Advisor Page< 

< I aine：adviceuser=^(userNa.e)^ > 


Ip 


AdvisorTagHandler class 


void doTag() 
// tag logic 


void 


setUser (String 


user) 


this•user=user; 


■ 


< 


/body></' 


btral> 


TLD file 

k aglib ... > 


<uri>randomThings</uri> 

—g> 

<desciy_ption>random advice</description 〉 
<name>advice</ name> 

<tag-class>foo .AdvisorTagHandler</ tag-class > 
<body-content>empty</body-content> 

<attribute> 

<name>user</name> 

<required>true</required 〉 
<rtexprvalue>true</rtexprvalue> 

</attribute 〉 

</tag> 
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the taglib <uri> 


The taglib <uri> is just a mm, wot a location 


The <uri> element in the TLD is a unique name for the tag library. That’s it. It 
does NOT need to represent any actual location (path or URL, for example). It 
simply has to be a name — the same name you use in the taglib directive. 


“But,” you’re asking, “how come with the JSTL it gives the full URL to the library?” 

The taglib directive for the JSTL is: l\kc a URL- "to 

^ 一 a 二 > vcsouv-tc, but jt's 

<%@ taglib prefix=’’c’’ uri=’’http://java. sun • com/jsp/jstl/core’’ %> d , ^ ^ 

tVrU-atted as a URL. 


The web Container doesn’t normally try to request something from the uri in the 
taglib directive. It doesn’t need to use the uri as a location). If you type that as a 
URL into your browser, you’ll be redirected to a different URL, one that has 


information about JSTL. The Container could care less that this particular uri 
happens to also be a valid URL (the whole “http://...” thing). It’s just the 
convention Sun uses for the uri, to help ensure that it’s a unique name. Su 
could have named the JSTL uri “java_foo_tags” and it would have worked in 
exactly the same way. All that matters is that the <uri> in the TLD and the uri in 


the taglib directive match! 


As a developer, though, you do want to work out a scheme to give your libraries 
unique <uri> values, because <uri> names need to be unique for any given web 
app. You can’t, for example, have two TLD files in the same web app, with the 
same <uri>. So, the domain name convention is a good one, but you don’t 
necessarily need to use that for all of your in-house development. 


Having said all that, there is one way in which the uri could be used as a location, 
but it’s considered a really bad practice — if you don’t specify a <uri> inside the 
TLD, the Container will attempt to use the uri attribute in the taglib directive as a 
path to the actual TLD. But to hard-code the location of your TLD is obviously a 
bad idea, so just pretend you don’t know it’s possible. 


灣 g. 

locafionoCAeactoaltagliandler. 


loofe for a 贈 teli 
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The Cowtamcr builds a map 

Before JSP 2.0, the developer had to specify a mapping between the <uri> in the TLD and 
the actual location of the TLD file. So when a JSP page had a taglib directive like this: 

<%@ taglib prefix= 〃 mine 〃 uri= r, randomThings % > 

The Deployment Descriptor (web.xml) had to tell the Container where the TLD file with a 
matching <uri> was located. You did that with a <taglib> element in the DD. 


The OLD (before JSP 2.0) way to map a taglib uri to a TLD file 

<web-app> 

參參 

< j sp-config> 

<taglib> 

<taglib-uri>randomThings</taglib-uri> 

<taglib-location>/WEB-INF/myFunctions•tld</taglib-location> 

</taglib> 

</j sp-config> 

</web-app> 






The NEW (JSP 2.0) way to map a taglib uri to a TLD file 


No <taglib> entry in the DD! 


The Container automatically builds a map between TLD files and <uri> 
names, so that when a JSP invokes a tag, the Container knows exactly where to find the 
TLD that describes the tag. 

How? By looking through a specific set of locations where TLDs are allowed to live. 
When you deploy a web app, as long as you put the TLD in a place the Container will 
search, the Container will find the TLD and build a map for that tag library. 

If you do specify an explicit <taglib-location> in the DD (web.xml), a JSP 2.0 Container 
will use it! In fact, when the Container begins to build the <uri>-to-TLD map, the 
Container will look first in your DD to see if you’ve made any < taglib > entries, and if 
you have, it’ll use those to help construct the map. For the exam, you We expected to 
know about <taglib-location> ， even though it’s no longer required for JSP 2.0. 

So the next step is for us to see where the Container looks for TLDs, and also where it 
looks for the tag handler classes declared in the TLDs. 
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TLD locations 


Four places the Container looks for TLPs 

The Container searches in several places to find TLD files — you 
don’t need to do anything except make sure your TLDs are in one 
of the right locations. 

① Directly inside WEB-INF 
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Whew a JSP uses more thaw owe tag library 

If you want to use more than one tag library in a JSP, do a separate taglib 
directive for each TLD. There a few issues to keep in mind... 

^ Make sure the taglib uri names are unique. In other words, don’t put 
in more than one directive with the same uri value. 

^ Do NOT use a prefix that’s on the reserved list. 

The reserved prefixes are: 

jsp: 

jspx: 

java: 

javax: 

servlet: 

sun: 

sunw: 



Write in examples of the THREE different ways to 
invoke a tag that must have an empty body. 

(Check your answers by looking back through the chapter. No, 
we’re not going to tell you the page number.) 


① 


② 


③ 
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TLD exercise 


c^^rpen your pencil 


How the JSP，the TLD, and the 
bean attribute class relate 

Fill in the spaces based on the information that you 
can see in the TLD. Draw arrows to indicate where the 
different pieces of information are tied together. In other 
words, for each blank, show exactly where you found the 
information needed to fill in the blank. 



TLD file 

<taglib ...> 

• • • 

<uri>randomThings</uri> 

<tag> 

<description>random advice</description 〉 
<name>advice</name> 

<tag-class>foo .AdvisorTagHandler</ tag-class 〉 
<body-content>empty</body-content> 

<attribute> 

<name>user</name> 

<required>true</required 〉 

<rtexprvalue> - </rtexprvalue> 

</attribute 〉 

</tag> 
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i^^rpen your pencil 


Test your Tag memory 
ANSWERS 


① Fill in the name of the optional attribute. 


TV 七 c 七 h 七 i\\t 

loop dowrrtcv vav'isklc- 


<c : f orEach var=’’movie" items=’’$ {movieList}’’ vavS-tdtus : "foo" > 

${movie} 

</c : forEach> 


② Fill in the missing attribute name. 


<c:if 


•test 




${userPref= =, safety 


Ff 


> 


Maybe you should just walk... 
</c:if> 


(D Fill in the missing attribute name. 


TV <6 ： set> -ust V,ave a value, Ut you 


<c : set var="userLevel" scope=^session 


rr 


value 


n 


foo" / > 


④ Fill in the missing tag names (two different tag types), and the missing attribute name. 


<c : choose> 
<c : 




•test 


n 


${userPref 


'performance A }"> 


</c : 


Now you can stop even if you <em>do</em> drive insanely fast 

y/hch > 


<c : 


o*thcvv/isc 


> 


Our brakes are the best. 


</c : 


o*thc\rv/isc 


> 


TV <t：o^cvW«sc> -ba^ 's opt*o^al. 


</c : choose> 
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TLD exercise answers 


c^^rpen your pencil 


How the JSP, the TLD, and the 
bean attribute class relate 
ANSWERS 



TLD file 

Xtagliib ... > 

參 • 

<uri>randomThings</uri> 

<tag> 

<description>random advice</description 〉 

<name >advice</ name > 

<tag-class>foo. AdvisorTagHandler</ tag-class > 
<body-content>empty</body-content> 

<attribute> 

<name>user</name> 

<required>true</required 〉 
<rtexprvalue>*bruc</rtexprvalue> 

</attribute> 

</tag> 
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TKoc^ Zxam 9 


Which is true about TLD files? 

Q A. TLD files may be placed in any subdirectory of WEB-INF. 

Q B. TLD files are used to configure JSP environment attributes, 
such as scripting-invalid. 

Q G. TLD files may be placed in the META-INF directory of the 
WAR file. 

□ D. TLD files can declare both Simple and Classic tags, but TLD 
files are NOT used to declare Tag Files. 


Assuming the standard JSTL prefix conventions are used, 

which JSTL tags would you use to iterate over a collection of objects? 

(Choose all that apply.) 

Q A. <x : forEach> 

Q B. <c : iterate> 

口 G. <c:forEach> 

Q D. <c : forTokens> 

口 E. Clogic:iterate 〉 

Q F. <logic : forEach> 
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mock exam 


A JSP page contains a taglib directive whose uri attribute has the 
value my Tags. Which deployment descriptor element defines the 
associated TLD? 

□ A. <taglib> 

<uri>myTags</uri> 

<location>/WEB-INF/myTags.tld</location> 

</taglib> 

口 B. <taglib> 

<uri>myTags</uri> 

<tld-location>/WEB-INF/myTags.tld</tld-location> 
</taglib> 

Q G. <taglib> 

<tld-uri>myTags</tld-uri> 

<tld-location>/WEB-INF/myTags.tld</tld-location> 
</taglib> 

□ D. <taglib> 

<taglib-uri>myTags</taglib-uri> 

<taglib-location>/WEB-INF/myTags.tld</taglib-location> 
</taglib> 



A JavaBean Person has a property called address. The value of this 
property is another JavaBean Address with the following string properties: 

streetl, street2, city, stateCode and zipCode. A controller servlet 
creates a session-scoped attribute called customer that is an instance of the 
Person bean. 


Which JSP code structures will set the city property of the customer 

attribute to the city request parameter? (Choose all that apply.) 

Q A. $ {sessionScope.customer.address.city = param.city} 

Q B. <c : set target= A, $ {sessionScope. customer. address }" 

property:"city" value="${param.city}" /> 

Q G. <c : set scope="session" var="${customer.address}" 

property:"city" value="${param.city}" /> 

□ D. <c : set target= A, $ {sessionScope. customer. address }" 

property:"city"> 

${param.city} 

</c : set> 
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Which <body-content 〉 element combinations in the TLD 
are valid for the following JSP snippet? (Choose all that apply.) 

11. <my : tagl> 

12 . <my : tag2 a="47 〃 /> 

13. <% a = 420; %> 

14. <my : tag3> 

15. value = ${a} 

16. </my : tag3> 

17. </my : tagl> 


Q A. tagl body-content is empty 
tag2 body-content is JSP 
tag3 body-content is scriptless 

Q B. tagl body-content is JSP 

tag2 body-content is empty 
tag3 body-content is scriptless 

□ C. tagl body-content is JSP 
tag2 body-content is JSP 
tag3 body-content is JSP 

Q D. tagl body-content is scriptless 
tag2 body-content is JSP 
tag3 body-content is JSP 

Q E. tagl body-content is JSP 

tag2 body-content is scriptless 
tag3 body-content is scriptless 


Assuming the appropriate taglib directives, which are valid 
examples of custom tag usage? (Choose all that apply.) 

口 A. <foo:bar /> 

Q B. <my : tagX/my : tag> 

□ C. <mytag value="x" /> 

□ D. <c : out value=’’x" /> 

□ E. < jsp : setProperty name="a" property="b" value="c" /> 
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mock exam 


7 


Given the following scriptlet code: 


11. <select name= f styleld^ > 

12. <% BeerStyle[] styles = beerService.getStyles(); 

13. for ( int i=0; i < styles. length; i++ ) { 

14 . BeerStyle style = styles[i] ; %> 

15 . <option value= f <%= style.getObjectID() %>’ > 

16. <%= style.getTitle() %> 

17. </option> 

18. <% } %> 

19. </select> 


Which JSTL code snippet produces the same result? 


Q A. <select name= f styleld^ > 

<c : for array: f ${beerService.styles }'> 

<option value= f ${item.objectID} ' >${item.title}</option> 
</c : for> 

</select> 

Q B. <select name =, styleld^ > 

<c : forEach var='style' items:'${beerService.styles }'> 

Coption value= A ${style.objectID} f >${style.title}</option> 

</c : forEach> 

</select> 

Q G. <select name= A styleld , > 

<c : for var='style' array =, ${beerService.styles }' > 

Coption value= A ${style.objectID} f >${style.title}</option> 

</c : for> 

</select> 

Q D. <select name =, styleld f > 

<c : forEach var='style' array:'${beerService.styles }'> 

Coption value= f ${style.objectID} f >${style.title}</option> 

</c : for> 

</select> 
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Which is true about TLD files? 

A. TLD files may be placed in any subdirectory of WEB-INF. 




Q B. TLD files are used to 
such as s crip ting- 


-Option B is mvalidi because TLP 

configure JSP environment attributes, 心 ‘ hd^dlm ^oi 

invalid. 七 JSP c^vivo^mc^t 


□ G. TLD files may be placed in the META-INF directory of the Option C is invalid bedduse TLD 

WAR file. -Piles a\rc hot redo—z^d m 

/WETA-INF o( the WAR (\\t. 

□ D. TLD files can declare both Simple and Classic tags, but TLD 

files are NOT used to declare Tag Files. —Option J) is ihvalid bedduse 

T^^p\\cs may be dc^ld\rcd \v\ 
a TLD fbu*t it is vavc). 


Assuming the standard JSTL prefix conventions are used, 

which JSTL tags would you use to iterate over a collection of objects? 

-Option A is mdovvedt 3s this is the 
used (or ovcv- ><Pa*bh c^frcssio^s. 


-Optioh B is ihdo\rrcd*t bedduse 
ho sudh tag exists. 


(JSTU vl l ^ 


(Choose 

all that apply.) 

□ A. 

<x:forEach> 

□ B. 

<c : iterate> 

^ G. 

<c : forEach> 

□ D. 

<c : forTokens> 

□ E. 

Clogic:iterate 〉 

□ F. 

<logic : forEach> 


-Option P is mdov-v-cd*t because 
this is used -fov- i 七 ewtmg ovcv- 
•fcokci^s y/i 七 hm a s'm^le s*brmg. 

一 OptiohS £ 3hd P 3\rc ihdo\r\rcd*t 
bcdausc -the p\rc-Pix is hot a 

七 hda\rd JSTL p\rc-Pix (-this pvc-f ix 

by *tajs ih -the 


is typidally used by tags ii 
Jaka\rta Siv-uis padkay). 


you are here ► 495 




mock answers 



A JSP page contains a taglib directive whose uri attribute has the 
value my Tags. Which deployment descriptor element defines the 


(JSP vZO vy 


associated TLD? 

□ A. <taglib> 

<uri>myTags</uri> 

<location>/WEB-INF/myTags.tld</location> 

</taglib> 

口 B. <taglib> 

<uri>myTags</uri> 

<tld-location>/WEB-INF/myTags.tld</tld-location> 

</taglib> 

Q G. <taglib> 

<tld-uri>myTags</tld-uri> 

<tld-location>/WEB-INF/myTags.tld</tld-location> 

</taglib> 

<taglib> ^ Option P 

<taglib-uri>myTags</taglib-uri> va |ia elements. 

<taglib-location>/WEB-INF/myTags. tld</taglib-location> 
</taglib> 



A JavaBean Person has a property called address. The value of this 
property is another JavaBean Address with the following string properties: 

streetl, street2, city, stateCode and zipCode. A controller servlet 
creates a session-scoped attribute called customer that is an instance of the 
Person bean. 


(JSTU vl l 


Which JSP code structures will set the city property of the customer 
attribute to the city request parameter? (Choose all that apply.) 


□ A. 
^ B. 


${sessionScope.customer.address.city = param.city} 

<c : set target="${sessionScope.customer.address}" 
property:"city” value=”${param.city}" /> 


—A ,s h v alid 

bedduse EL docs y\oi 


permit 


□ G. 

5^ D. 


<c : set scope="session’' var="$ {customer. address}" 
property:"city" value="${param.city}" /> 

<c : set target= A, ${ sessionScope. customer. address}" 
property="city"> 

${param.city} 

</c : set> 


—Option C is invalid 

because the vav- a-ttv-ikutc 

does hot 私 乙吓七 a 

value, v\or dots it 

v/o\rk with the f\rofC\rby 

attribute- 
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using JSTL 


Which <body-content 〉 element combinations in the TLD 
are valid for the following JSP snippet? (Choose all that apply.) 




11. <my : tagl> 

12 . <my : tag2 a="47 〃 /> 

13. <% a = 420; %> 

14. <my : tag3> 

15. value = ${a} 

16. </my : tag3> 

17. </my : tagl> 


-TaoJ mdudcs todc SO *.l must have at 

least K ^? } bodv-^Wt Tapi *»s , 

todc so may have c.^c^r JSP o^r 

中七 less’ body - 竹七 ⑼七 . 


□ A. 
^ B. 

5^ G. 

□ D. 
^ E. 


tagl body-content is empty 

tag2 body-content is JSP 

tag3 body-content is scriptless 

tagl body-content is JSP 

tag2 body-content is empty 

tag3 body-content is scriptless 

tagl body-content is JSP 
tag2 body-content is JSP 
tag3 body-content is JSP 

tagl body-content is scriptless 
tag2 body-content is JSP 
tag3 body-content is JSP 

tagl body-content is JSP 

tag2 body-content is scriptless 

tag3 body-content is scriptless 


—A ,s m v alid 
because -tajl 
be 、叶 t/. 


-Optioh P is 
because taj/ 
be 'sd\rip*tlcss ， 


invalid 

d3hho*t 


； ； ； ； ； ； Mcp v2-.0 setfeon "0 

Assuming the appropriate taglib directives, which are valid 

examples of custom tag usage? (Choose all that apply.) 

^ A. <foo:bar /> 

1^ B. <my : tagX/my : tag> 

1^ G. <mytag value="x" /> C is mvalid because 

a D. <c : out value="x" /> there is i%. 

□ E. < jsp : setProperty name="a" property="b" value="c" /> 


-0p*tioh E is'mvalid bedduse -this is 以 ample o*f 

d JSP s-ta^dav-d ad*tioh, ho*t a dus-tom 
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mock answers 


7 


Given the following scriptlet code: 


11. <select name= f styleld^ > 

12. <% BeerStyle[] styles = beerService.getStyles(); 

13. for ( int i=0; i < styles. length; i++ ) { 

14 . BeerStyle style = styles[i] ; %> 

15 . <option value= f <%= style.getObjectID() %>’ > 

16. <%= style.getTitle() %> 

17. </option> 

18. <% } %> 

19. </select> 


(JSTU vl.l 肩 


Which JSTL code snippet produces the same result? 


Q A. <select name= f styleld^ > 

<c : for array: f ${beerService.styles }'> 

<option value= f ${item.objectID} ' >${item.title}</option> 

</c : for> 

</select 〉 B is because it uses the 

B.〈select name='style Id'> p\rofc\r JSTL 

<c : forEach var='style' items:'${beerService.styles }'> 

Coption value= A ${style.objectID} f >${style.title}</option> 

</c : forEach> 

</select> 

Q G. <select name= A styleld , > 

<c : for var='style' array =, ${beerService.styles }' > 

Coption value= A ${style.objectID} f >${style.title}</option> 

</c : for> 

</select> 

Q D. <select name =, styleld^ > 

<c : forEach var='style' array:'${beerService.styles }'> 

Coption value= f ${style.objectID} f >${style.title}</option> 

</c : for> 

</select> 
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10 custom tag development 


When even JSTL is not 
enough 



Sometimes JSTL and standard actions aren’t enough. 

When you need something custom, and you don’t want to go back to scripting, 
you can write your own tag handlers. That way, your page designers can use 
your tag in their pages, while all the hard work is done behind the scenes in 
your tag handler class. But there are three different ways to build your own tag 
handlers, so there’s a lot to learn. Of the three, two were introduced with JSP 2.0 
to make your life easier (Simple Tags and Tag Files). But you still have to learn 
about Classic tags for that ridiculously rare occasion when neither of the other 
two will do what you want. Custom tag development gives you virtually unlimited 
power, if you can learn to wield it... 


this is a new chapter 
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official Sun exam objectives 




Building a Custom Tag Library 


Coverage Notes: 


10.1 Describe the semantics of the “Classic” custom 
tag event model when each event method 
(doStartTagO, doAfterBody(), and doEndTag()) 
is executed, and explain what the return value 
for each event method means; and write a tag 
handler class. 

10.2 Using the PageContext API, write tag handler 
code to access the JSP implicit variables and 
access web application attributes. 

10.3 Given a scenario, write tag handler code to 
access the parent tag and an arbitrary tag 
ancestor. 

10.4 Describe the semantics of the “Simple” custom 
tag event model when the event method 
(doTag()) is executed; write a tag handler 
class; and explain the constraints on the JSP 
content within the tag. 


Although objective 10.1 doesn’t explicitly 
mention the lifecycle methods associated with 
Body Tag (doInitBodyQ and setBodyContext()), 
you can expect to see them on the exam! 
Everything you need to know related to Classic 
tags is covered in this chapter, including things 
you might not infer from objective 10.1. 

Objective 10.2 (PageContext API) is covered 
only very briefly in this chapter, because most of 
what you need to know about the PageContext 
API has already been covered earlier in the book. 
Virtually all of this objective is about using 
PageContext to access implicit variables and 
scoped attributes, both covered in the “Scriptless 
]SP” chapter, although we do provide a one-page 
summary again in this chapter. 


10.5 Describe the semantics of the Tag File model; 
describe the web application structure for 
tag files; write a tag file; and explain the 
constraints on the JSP content in the body of 
the tag. 
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custom tag development 


I like the idea of having reusable 
chunks, but <jsp ： include> and <c ： import> 
aren’t perfect. There's no standard for 
directories to put the included files in, the 
JSP is hard to read, and the fact that you 
make new request parameters to send 
something to the included file feels 
wrong... 



Includes and imports can be messy 

Using <jsp:include> or <c:import> lets you add reusable 
chunks of content, dynamically, to your pages. And you 
can even customize how the included file behaves by 
setting new request parameters that the included file 
can use. 

Sure, it works fine. But should you really have to create 
new request parameters just to give the included file some 
customizing information? 

Aren’t request parameters supposed to represent form 
data sent from the client as part of the request? While 
there might be good reasons to add or change request 
parameters in your app, using them to send something to 
the included file isn’t the cleanest approach. 

Until JSP 2.0, there wasn’t a standard way to deploy 
included files — you could put the included pieces just 
about anywhere in the web app. And a JSP with a bunch 
of <jsp:include> or <c:import> tags isn’t the easiest 
thing to read. Wouldn’t it be better if the tag itself told 
you something about the thing being included? Wouldn’t 
it be nice to say something like: 


<x:logoHeader> or <x:navBar> 

You know where this is going … 


you are here ► 
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Tag Files 


Tag Files: like mclude, only better 

With Tag Files, you can invoke reusable content using a custom tag 
instead of the generic <jsp:include> or <c:import>. You can think of Tag 
Files as a kind of “tag handler lite”，because they let page developers 
create custom tags, without having to write a complicated Java tag 
handler class, but Tag Files are really just glorified includes. 


Simplest way to make and use a Tag File 


① Take an included file (like “Header.jsp”）and 
rename it with a .tag extension. 

<img src=’’images/Web-Services • jpg" > <br> 


<img 

src= 〃 images/ 
Web-Ser- 
vices.jpg” > 

rename 

__ V 

<img 

src =,/ images/ 
Web-Ser¬ 
vices .jpg" 





Header, jsp Header, tag 


WOhi bc ih the -fi h a| Jsp y 仏 y 


(5) Put the tag file (“Header.tag”）in a directory 
named “tags” inside the “WEB-INF” directory. 


( 3 ) Put a taglib directive (with a fagd/r attribute) in 
the JSP, and invoke the tag. 

<%@ taglib prefix="myTags" tagdir= A, / WEB -INF /tags ,r %> 

^ ih c u 



<htmlxbody> 


CmyTags:Header/> 

The of x 

〜仏⑽ : : 

Welcome to our site. 

</body></html> 




<jsp：*mdludc pay — ； Hcadc\rjspV> 


y/c nov/ h3vc ： 




Header-tag 
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custom tag development 


Put how do you send it parameters? 

When we included a file using <jsp:include>, we used the <jsp:param> 
tag inside the <jsp:include> to pass information to the included file. To 
refresh your memory on how it works with <jsp:include>: 


The old way: An included file that uses a param 
(coming from a <jsp:param> in the calling JSP) 

<img src=’’images/Web-Services • jpg" > <br> 
<em><strong>$ {parjam. subTitle}</strongx/em> 


.. 伽 s \s 加 C0MPL^ Tt 


The old way: The JSP with the <jsp:include> 
and <jsp:param> 

<html><body: 






广 ㈣; ‘ 


<jsp : include page="Header•j sp"> 

<jsp:pa^am name= 〃 subTitle 〃 value=〃We take the sting out of SOAP. 
</jsp : include> 


/> 


<br> 

Contact us at: ${initParam.mainEmail} 
</body></html> 


The result 


6 0 0 




岱 c 


0 http://localhost:8080/tests/Contact.jsp 


Qj Google 


PP JZSE 1.5 in 3 . Nutshell Colorado G...opers Home SlAshdat: Me...hat matters orkm - h&me java.net 


» 



This is -fvom 七 he 
mdludcd -file- 


We 


take the sting out of SOAP. ‘ ~ 丁乂 O^P- 


Contact us at: likewecare@wickedlysmart.com ， 

I his is ih the 

JSp. 
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Tag File attributes 


To a Tag File, you don't send request parameters, 
you sGwd tag attributes! 

You invoke a Tag File with a tag, and tags can have attributes. So it’s only 
natural that the Tag File developer might want to invoke the tag with attributes... 
attributes that get sent to the Tag File. 

Invoking the tag from the JSP 

Before (using <jsp:param> to set a request parameter) 

< j sp : include page=’’Header • j sp’’> 

<j sp : param name= 〃 subTitle 〃 value=〃We take the sting out of SOAP 

</j sp:include 〉 

After (using a Tag with an attribute) 

〈 myTags: Header subTitle=〃We take the String out of SOAP 〃 /> 


Using the attribute in the Tag File 

Before (using a request param value) 

<em><strong>$ {param. subTitle }</ strongx/em> 

After (using a Tag File attribute) 

<em><strong>$ {subTitle }</ strongx/em> <br> 


TW»s \s 


ms\dc 

Ta a f Cm o^r 一 
: 铷). 


out of scope! 

a request parameter. sn0 looks to the web-app as though it came 

The name/value pair for the J s ?/ P fth reaS ons we DONT like using it—the 

in with a form submiss,on -J^^ f// e ends up visible to any compo- 

一 ㈣ 獅 or JS 

the request is forwarded) 遍 hutes for Tag Files is that they’re scoped to 

< %@ taglib prefix=-myTags- tagdir=VWEB-INF/tags- %> 

< h tml><body> = " we take the String out of S ⑽ "/> 

<myTags: Header subT TVxC 

</body></html> 


/> 


504 chapter 10 



custom tag development 


Wait...something's not right 
here. How does the person 
writing the JSP even KNOW 
that the tag has that attribute? 
Where's the TLD that describes 
the attribute type? 



Aren't tag attributes 
declared m the TU?? 


With custom tags, including the JSTL, the tag attributes 
are defined in the TLD. Remember? This is the TLD 
from the custom <my:advice> tag from the last chapter: 

<tag> 

<description>random advice</description 〉 
<name>advice</name> 

<tag-class>foo.AdvisorTagHandler</tag-class> 
<body-content>empty</body-content 〉 

<attribute> 

<name>user</name> 

<required>true</required> 

<rtexprvalue>true</rtexprvalue> 

</attribute> 


</tag> 


So, these are the things the developer who is using a tag 
needs to know. What’s the attribute name? Is it optional 
or required? Gan it be an expression, or must it be only a 
String literal? 

But while you do specify custom tag attributes in a TLD, you 
do NOT specify tag file attributes in a TLD! 


That means we still have a problem — how does the page 
developer know what attributes the tag accepts and/or 
requires? Turn the page … 
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attribute directive 


Taq Files use the attribute directive 


There’s a shiny new type of directive, and it’s just for Tag 
Files. Nothing else can use it. It’s just like the <attribute> sub¬ 
element in the <tag> section of the TLD for a custom tag. 


Inside the Tag File 
(Headentag) 




be 3 

V»tcv-al OK 

办 c^v-css\om. 


<%@ attribute name= 〃 subTitle 〃 required= " truertexprvalue= A, true %> 

<img src^^images/Web-Services.jpg^ > <br> 

<em><strong>$ {subTitle}</ strongx/em> <br> 


Inside the JSP that 
uses the tag 


<%@ taglib prefix="myTags 〃 tagdir="/WEB-INF/tags 〃 %> 
<htmlxbody> yjj 

〈 myTags: Header subTitle="We take the String out of SOAP’’ /> 


<br> 

Contact us at: ${initParam.mainEmail} 
</body></html> 


What happens if you 
do NOT have the 
attribute when you 
use the tag 


〈 myTags:Header /> 



‘ fj [ 0 y.. 


0OO__ 

< 众 + 0 http://localhost:8080/tests/Contact.jsp " Qr cocqi^ 

CQ J2SE IvS in a Mutshcll Colorado G..,opers Home SUsfidot: We...hat matters orkul - home java.net 》 


HTTP Status 500 ■ 


Type: Exception report 

Description: The server encountered an internal error () that prevented it from fulfilling this request. 

Exception: 

org.apache.jasper.JasperException : /Contact•j sp(1,61) According 
to the TLD or the tag file, attribute subTitle is mandatory for tag 
Header ^ 

org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorandler. 
java : 83) 

org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher. 
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custom tag development 


When an attribute value is really big 


Imagine you have a tag attribute that might be as long as, say, a 
paragraph. Sticking that in the opening tag could get ugly. So, you can 
choose to put content in the body of the tag, and then use that as a kind 
of attribute. 

This time we’ll take the subTitle attribute out of the tag, and instead 
make it the body of the <myTags:Header> tag. 


Trust me on this. 
Sometimes ifs good 
to have a BODY. 


Inside the Tag File 伽 Wte 

(Headentag) 


<img src=’’images/Web-Services • jpg" > <br> 
<em><strong>< j sp : doBody/></ strongx/em> <br> 


^ This 
boi * 
i3( 


! h ' 5 s T/ rake “ 义⑽ isih ^ 


Inside the JSP that 
uses the tag 

<%@ taglib prefix=’’myTags" tagdir=’’/WEB-INF/tags" %> 
<htmlxbody> 

CmyTags:Header> 



We take the sting out of SOAP. OK, so it's not Jini , <br> 
but we'll help you get through it with the least<br> 
frustration and hair loss. 


</myTags : Header> 


<br> 

Contact us at: ${initParam.mainEmail} 
</body></html> 




St/f we ! re back to the same problem we had before—without 
a TLD, where do you declare the body-content type? 
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tag directive body-content 


Peclarmg body-cowtcwt for a Tag File 


The only way to declare body-content type for a Tag File is 
with another new Tag File directive, the tas directive. The 
tag directive is the Tag File equivalent of the page directive 
in a JSP page, and it has a lot of the same attributes plus an 
important one you won’t find in page directive — body-content. 

For a custom tag, the <body-content> element inside the 
<tag> element of a TLD is mandatory! But a Tag File does not 
have to declare <body-content> if the default — scriptless — is 
acceptable. A value of scriptless means you can’t have 
scripting elements. And scripting elements, remember, are 
scriptlets (<%... %>), scriptlet expressions (<%= ... %>)，and 
declarations (<%!••• %>). 

In fact, Tag File bodies are never allowed to have scripting, 

so it’s not an option. But you can declare body-content (using 
the tag directive with a body-content attribute) if you want one 
of the other two options, empty or tagdependent. 

Inside the Tag File with a tag directive 
(Header.tag) 


<%@ attribute name= 〃 fontColor 〃 required= 〃 true 〃 %> 


You CM^OT use scripting 
code in ^ie body of a Tag 
File tag! 

The body-content of a Tag 
File defaults to “seriptless ”， 
So you don't Kave to declare 
body-content unless you 
want one of^ie OTHER 
two options ： “empty"’ 

(nodiing in ^ie tag body) or 
“tagdependenf ’ (treats Ae 
body as plain text). 


<%@ tag body-conte 



9 [ 班 ? 織 SSSif 


<img src=’’images/Web-Services • jpg" > <br> 

<em><strong><font color=’’${fontColor}’’Xjsp:doBody/></fontx/strongx/em> <br> 


Inside the JSP that 
uses the tag 

<%@ taglib Jrefix="myTags 
<html> 


tagdir=’’/WEB-INF/tags" %> 

w WColo/ \s AtcUrtd ay. a 也， w 七 C 
rn Ta^ nc 


CmyTags : Header fontCo^_or= 〃 #660099〃> 

We take the sting out of SOAP. OK, so it's not Jini,<br> 
but we^11 help you get through it with the least<br> 
frustration and hair loss• 

</myTags : Header> 


<br> 

Contact us at: ${initParam.mainEmail} 
</body></html> 
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Tag File locations 


custom tag development 


Where the Container looks for Tag Files 


The Container searches for tag files in four locations. A tag file 
MUST have a TLD if it’s deployed in a JAR, but if it’s put directly 
into the web app (in “WEB-INF/tags” or a sub-directory), it does 
not need a TLD. 


— l 



webapps 


,hVok « ihe is 9 


① 



Directly inside WEB-INF/tags 

(2) Inside a sub-directory of 
W WEB-INF/tags 

(3) Inside the META-INF/tags 
directory inside a JAR file 
thafs inside WEB-INF/lib 


^4) Inside a sub-directory of 
W META-INF/tags inside a JAR 
file thafs inside WEB-INF/lib 

IF the tag file is deployed in 
W a JAR, there MUST be a TLD 
for the tag file. 


NavBar.tag 


Header.tag 


.atalo^Tay 



AdvisorTagHandler.class 


catalogTags.tld 


CatalogHead.tag 





Footer.tag 
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tag file questions 


_^tJierei£irejio 

Dumb Questions 


o ： 

Does the Tag File have access to the request and 
response implicit objects? 


A I 

Yes! Remember, even though it's a .tag file, it's 
gonna end up as part of a JSP. You can use the implicit 
request and response objects (if you do scripting... the 
normal EL implicit objects are always there as well), and you 
have access to a JspContext as well. 

You don’t have a ServletContext, though — a Tag File uses a 

JspContext instead of a ServletContext. 


I thought on the opposite page you just said we 
could not do scripting in a Tag File! 


A i 

No, that’s not exactly what we said. You can do 
scripting in a Tag File, but you can’t do scripting inside the 
body of the tag used to invoke the Tag File. 


Can you combine Tag Files and TLDs for custom 
tags in the same directory? 


A ! 

Yes. In fact, if you make a TLD that references your 
Tag Files, the Container will consider both Tag Files and 
custom tags mentioned in the same TLD as belonging to the 
same library. 


o： 

Hold on — I thought you said Tag Files didn't 
have a TLD? Isn’t that why you have to use an attribute 
directive? Since you can't declare the attribute in a TLD? 


A I 

Trick question. If you deploy yourTag Files in a JAR, 
they MUST have a TLD that describes their location. But it 
doesn’t describe attribute, body-content, etc. The 


TLD entries for a Tag File describe only the location of the 
actual Tag File. 

The TLD for a Tag File looks like this: 

<taglib ••••> 

<tlib-version>1.0</tlib-version> 
<uri>myTagLibrary</uri> 

<tag-file> 

<name>Header</name> 

<path>/META-INF/tags/Header.tag</path> 

</tag-file> 

</taglib> 

Notice that declaring a <tag-file> is quite different from 
declaring an actual <tag>. 

o ： 

Why did they do it this way? Wouldn’t it be so 
much simpler to just have custom tags and Tag Files 
declared the same way in a TLD? But NO... instead they 
had to come up with this whole other thing where you 
have to use new directives for defining the attributes 
and body-content. So, why are tags and Tag Files done 
differently? 


On one hand, yes, it would have been simpler 
if custom tags and Tag Files were declared in the same 
way, using a TLD. The question is, simpler for whom? For a 
custom tag developer, sure. But Tag Files were added to the 
spec with someone else in mind — page designers. 

Tag Files give non-Java developers a way to build custom 
tags without writing a Java class to handle the tag’s 
functionality. And not having to build a TLD for the 
Tag File just makes life easier for the Tag File developer. 
(Remember,Tag Files do need a TLD if theTag File is 
deployed in the JAR, but a non-Java programmer might not 
be using JARs anyway.) 

The bottom line: custom tags must have a TLD, but Tag Files 
can declare attributes and body-content directly inside the 
Tag File, and need TLDs only if theTag File is in a JAR. 
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harpen your pencil 



Memorizing Tag Files 

Before we move on to a new topic, make sure 
you can write one yourself (answers are at the 
end of the chapter). 


① Fill in what would you must put into a Tag File to declare that the Tag has one required 
attribute, named “title”，that can use an EL expression as the value of the attribute. 



② Fill in what would you must put into a Tag File to declare that the Tag must NOT have a body. 



(3) Draw a Tag File document 
in each of the locations 
where the Container will 
look for Tag Files. 


MyTestApp 




myTags 
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custom tag handlers 


Whew you need more thaw Tag Files... 
Sometimes you need Java 

Tag Files are fine when you’re doing an include — when all 
you need to handle the tag you can do from another 
(renamed with a .tag extension and with the appropriate 
directives added). But sometimes you need more. Sometimes 
you need good old Java code, and you don’t want to do it 
from scriptlets, since that’s what you’re trying to prevent by 
using tags. 

When you need Java, you need a custom tag handler. A tag 
handler, as opposed to a tdig file, is simply a Java class that does 
the work of the tag. It’s a little like an EL function, except 
much more powerful and flexible. Where EL functions are 
nothing more than static methods, a tag handler class has 
access to tag attributes, the tag body, and even the page 
context so it can get scoped attributes and the request and 
response. 

Custom tag handlers come in two flavors: Classic and Simple. 
Classic tags were all you had in the previous version of JSP, 
but with JSP 2.0, a new and much simpler model was added. 
You’ll have a hard time coming up with reasons to use the 
classic model when you need a custom tag handler, because 
the simple model (especially combined with JSTL and tag 
files) can handle nearly anything you’d want to do. But we 
can’t dump the classic model for two reasons, and these two 
reasons are why you still have to learn it for the exam: 

1) Like scripting, Classic tag handlers are out there, and you 
might need to read and support them, even if you never 
create one yourself. 

2) There are those rare scenarios for which a classic tag 
handler is the best choice. This is pretty obscure, though. So 
point #1 is by far the most important reason to learn about 
Classic tags. 

We’ll start with the Simple tag model first, to get warmed up. 


Tag files implement Ae tag 
functionality widi anodier 
(using JSP). 

Tag handlers iiqpleiqent ^ie 
tag functionality widia 
special Java class- 


Tag Kandlers coiqe in two 
flavors: Simple and Classic. 
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custom tag development 


Making a Simple tag handler 

For the simplest of Simple tags, the process is ...simple. 

① Write a class that extends SimpleTagSupport 

package foo; 

import javax.servlet.jsp.tagext.SimpleTagSupport; 

// more imports needed 


public class SimpleTagTestl extends SimpleTagSupport { 
// tag handler code here 


② Override the doTag() method 


public void doTag () throws JspException, 工 OException { 

get JspContext () . getOut () .print (''This is the lamest use of a custom tag ”） 

1 ^ 


③ Create a TLD for the tag 


The 

you 


. do Tff ^ hod ^ lOB^ePiio^ so 

doh i have wirap ihe ih a 


> 


<taglib . 

<tlib-version>l.2</tlib-version 〉 

<uri>simpleTags</uri> 

<tag> 

<description>worst use of a custom tag</description> 
<name>simplel</name> 

<tag-class>foo.SimpleTagTestl</tag-class> 
<body-content>empty</body-content> 

</tag> 

</taglib> 


④ Deploy the tag handler and TLD 

Put the TLD in WEB-INF, and put the tag handler inside 
WEB-INF/classes, using the package directory structure, 
of course. In other words, tag handler classes go in the 
same place all other web app Java classes go. 


r^x 


useTag.jsp 


④ Write a JSP that uses the tag 


<%@ taglib prefix="myTags 

<htmlxbody> 

CmyTags:simplel/> 

</body></html> 


uri= 〃 simpleTags 〃 %> 



simple.tld 




0010 

0001 

1100 

1001 

0001 

0011 

0101 

0110 


SimpleTagTestl.class 
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getJspBodyQ.invoke 


A Simple tag with a body 

If the tag needs a body，the TLD <body-content> needs to reflect that, 
and you need a special statement in the doTag() method. 


The JSP that uses the tag 


<%@ taglib prefix= 〃 myTags 〃 uri= 〃 simpleTags 〃 %> 
<htmlxbody> 

Simple Tag 2 : 


CmyTags:simple2> 
This is the body 
</myTags : simple2> 




</body></html> 


The tag handler class 

package foo; 

import javax.servlet.j sp.JspException; 

import javax.servlet.j sp.tagext.SimpleTagSupport; 

import java•io • 工 OException; 

public class SimpleTagTest2 extends SimpleTagSupport { 

public void doTag() throws JspException, 工 OException { 

getJspBody().invoke(null); 


The TLD for the tag 




OTtttR 70U \>ass m. 


some 


<?xml version= 〃 l•0 〃 encoding= 〃 ISO-8859-l 〃 ?> 

<taglib xmlns=’’http : //j ava . sun . com/xml/ns/ j 2ee" 
xmlns : xsi= 〃 http:/ / www.w3.org/2001/XMLSchema-instance^ 

xsi : schemaLocation=’’http : //java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" ver- 
sion= 〃 2•0〃> 


<tlib-version>l.2</tlib-version> 
<uri>simpleTags</uri> 


<tag> 


<description>marginally better use of a custom tag</description> 


<name>simple2</name> 

<tag-class>f 00 .SimpleTagTest2</tag—class> 


<body-content>scriptless</body-content> 


</tag> 
</taglib> 





a bod^, but 
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The Simple tag API 

A Simple tag handler must implement the SimpleTag interface. The 
easiest way to do that is to extend SimpleTagSupport and override just 
the method you need, doTag(). You don’t have to use SimpleTagSupport, 
but we reckon 99.999999% of simple tag developers do. 

JspTag interface 

(javax.servlet.jsp.tagext.JspTag) 


〈〈 interface 〉〉 

JspTag 

//no methods, this interface is for 
//organization and polymorphism 


SimpleTag interface 


(javax.servlet.jsp.tagext.SimpleTag) 

_ 丫 

《 interface 〉〉 

SimpleTag 

void doTag() 

JspTag getParent() 
void setJspBody(JspFragment) 
void setJspContext(JspContext) 
void setParentfJspTag parent) 

I 

I 

SimpleTagSupport 


avc 

…如 tails 

^ese a ^ —ked. 

Ca^ vou ovdev rn 

▲A 払仪 methods avc taWtd, 


r OU 





(javax.servlet.jsp.tagext.SimpleTagSupport) 


SimpleTagSupport 

void doTag() 

JspTag findAncestorWithClass (JspTag, Class) 
JspFragment getJspBody() 

JspContext getJspContextf) 

JspTag getParentf) 
void setJspBody(JspFragment) 
void setJspContext(JspContext) 
void setParent(JspTag parent) 


itdT^ 

So y ou , o7 Y) docs^i do 

， “ di 饮 ) ]“ so 二 

^ihod Sj i^u f^ 0{rc 
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Simple tag handler lifecycle 


The life of a Simple tag handler 

When a JSP invokes a tag, a new instance of the tag handler class is 
instantiated, two or more methods are called on the handler, and when 
the doTag() method completes, the handler object goes away. (In other 
words, these handler objects are not reused.) 


Web Container 

广） 

[Container I 

I 

! Load class 


SimpleTag class 


Tag Handler Object 


101101 
101101 
10101000010 
1010 10 0 
01010 1 
1010101 
10101010 
1001010101 


SimpleHandler.class 


Instantiate class (no-arg constructor runs). 




Call the setJspContext(JspContext) method. 


If the tag is nested (invoked from within another 
tag), call the setParent(JspTag) method. 


You y/ill v/\ri*tc m youv dldss ： 

If the tag has attributes, call attribute setters. 


If the tag is NOT declared to have a <body- 
content of empty, AND the tag has a body, call 

the set J spBody (J spFragment) method. 






\ 


T] f 9 iv « the hdhdl^ a 


A 。細 

Vts vested. 

K 卢卜 ^3 is evoked with 

to th,s ihai well scc U 

a \>ody, *t^c \)ody 

method) 3 s 


|jf i\st V^as 
AomCS m ftyou 


•msta^C 上和， CvA. 


You will ovc\rv-idc *tiVis: 

Call the doTagQ method. 


♦o 

I 

J_ 

wW the 佺 3 is do' 
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BE lire Container 

Look at each of tire TLD/JSP pairs. 
Assume that the ta^ handler prints lie 
body of tire ta 贫 . Then answer tire 
.following questions about each 
one... what’s tire result? If it 
works, what prints out? 瑜 eh 
metiiods in tire custom ta^ class 
are invoked? 


① <tag> 

<description></description 〉 
<name>simple</name> 

<tag—class>foo•SimpleTagTest</tag—class> 
<body-content>empty</body-content> 

</tag> 


Simple Tag : 

<myTags : simple 〉 

This is the body of the tag 
</myTags : simple> 


What do you see in the browser? 


If it works, which SimpleTag lifecycle methods are called in the handler? 

I void doTagf) I —"j JspTao aetParentf) I j void setJspBody() I ~~j void setJspContextO I j void setParent() 


② <tag> 

<description></description 〉 
<name>simple</name> 

<tag—class>foo•SimpleTagTest</tag 一 class> 
<body-content>scriptless</body-content> 
</tag> 


Simple Tag : 
<myTags : simple 〉 
${ 2 * 3 } 

</myTags : simple 〉 


What do you see in the browser? 


If it works, which SimpleTag lifecycle methods are called in the handler? 

□ void doTagf) I ~~ j JspTao aetParentf) I j void setJspBody() I ~~ j void setJsoContextf) I j void setParentf) 
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Simple Tag exercise answers 


BE the Container 

Answers 



① <tag> 

<description></description 〉 
<name>simple</name> 

<tag-class>foo.SimpleTagTest</tag-class> 
<body-content>empty</body-content> 

</tag> 


Simple Tag : 

<myTags : simple 〉 

This is the body of the tag 
</myTags : simple> 


What do you see in the browser? 


I 七 doesn't wov-k because i*t is supposed *bo have By\ cmp*ty body- 

org.apache.jasper.JasperException : / simpleTagl•j sp(1,7 6) 
According to TLD, tag myTags : simple must be empty, but is not 


If it works, which SimpleTag lifecycle methods are called in the handler? 


hlor\c, bcdausc i*t 
d 。 ⑽’七 wovk- 


□ void doTag() I~~ j JspTao oetParentO I j void setJspBody() I~~ j void setJsoContextf) I j void setParentf) 


② <tag> 

<description></description 〉 
<name>simple</name> 

<tag—class>foo•SimpleTagTest</tag—class> 
<body-content>scriptless</body-content> 
</tag> 


Simple Tag : 
<myTags : simple 〉 
${ 2 * 3 } 

</myTags : simple 〉 


What do you see in the browser? 

丁 ksetP 十 

WITHIN a 妒 H 

I a 《ftPavwtu、 s 

If it works, which SimpleTag lifecycle methods are called in the handler? 

i ^ NOT taUcd- ^ 

void doTag() Q JspTag getParent() l\jtvoid setJspBodyf) void setJspContext() Q void setParentf) 
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What if the tag body uses an expression? 


Imagine you have a tag with a body that uses an EL expression for an attribute. Now 
imagine that the attribute doesn’t exist at the time you invoke the tag! In other words, the 
tag body depends on the tag handler to set the attribute. The example doesn’t do anything 
very useful, but it’s here to show you how it works in preparation for a bigger example. 


The JSP tag invocation 


<myTags : simple3> 

Message is: ${message} 

</myTags : simple3> 


invoked) 





Wk tw»s 

七 a 》•》 七 reta¬ 



il. 


The tag handler doTag() method 

public void doTag() throws JspException,klOException 

get JspCon text () . setAttribute (''message" , ''Wear sunscreen."); 

getJspBody().invoke(null); 

1 ^ 气 sc t'If 法 

Tm mvokes W7- 


ci^krpen your pencil 


Imagine you have a tag that looks like this: 


<table> 

<myTags : simple4> 

<tr><td>${movie }</ td></tr> 
</myTags : simple4> 

</table> 


Imagine that the tag handler has access to an 
array of String movie names, and you want to 
print one row for each movie name in the array. 
In the browser, you’ll see something like: 


l\ f¥l ^ - ■:™ 



Monsoon Wedding 
Saved! 

Fahrenheit 9/11 


Write the tag handler doTag() 
method to support that goal. 


public void doTag() throws JspException, 

工 OException { 
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iterating the body 


A tag with dynamic row data: iterating the body 


In this example, the EL expression in the body of the tag represents a single value in 
a collection, and the goal is to have the tag generate one row for each element in the 
collection. It’s simple — the doTag() method simply does the work in a loop, invoking 
the body on each iteration of the loop. 

The JSP tag invocation 


t at ^ ^ 

\\cd 



<table> 

<myTags : simple4> 


<tr><td>$ {movie } </ tdx/ tr> 
</myTags : simple4> 

</table> 


The tag handler doTag() method 

String [ ] movies = {''Monsoon Wedding", ''Saved!’’，''Fahrenheit 9/11’’}; 


public void doTag() throws JspException, 工 OException { 


for (int i = 0; i < movies.length; i++) { 

getJspContext () . setAttribute (''movie" , movies [i]); 

getJspBody().invoke(null); 



^ — * ’ 陶 ke the body ajaih. 


JSP 


Tag handler 



</tdx/ tr> 
</myTags : simple4> 


int i = 0; i < movies.length; i++) { 

get JspContext () • setAttribute (''movie", movies [i 

getJspBody().invoke(null); 
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A Simple tag with aw attribute 

If the tag needs an attribute, you declare it in the TLD, and provide 
a bean-style setter method in the tag handler class for each attribute. 
If the tag invocation includes attributes, the Container invokes a 
setter method for each attribute. 


The JSP tag invocation 



<table> 

cmyTags : simple5 movieList="$ {movieCollection}"> 

<tr> 

<td>$ {movie . name }W/td> 

<td>${movie.genr^ </td> 

</tr> 

</myTags : simple5> 

</table> 




The tag handler class 




public class SimpleTaqTest5 extends SimpleTaqSupport { 
private List movieLi^ft; 冬 ^ - pcdlavc a 


public void setMovieList(List movieList) { 
this. movieList: 


: =movieList; 

tl^ows JspE> 


⑽緘 ㈣ 匕 


public void doTag() tffirows JspException, 工 OException 
Iterator i = movie 』ist .iterator(); 


while(i.hasNext() 
Movie movie = 
getJspContext( 
getJspBody().i 

} 


The TLD for the tag 


^^ 9^9 ^ ihc fl si 


Movie) i.next (); 

.setAttribute (''movie' 
lvoke(null); 


movie); 


<tag> 

<description>tak^ an attribute and iterates over body</description> 

ne> 

npleTagTest5</tag—class> 

>tless </body-content> 



<name>simple5 </na 
<tag-class>foo.Si 
<body-content 〉 

<attribute> 

<name>movieList</name> 
<required>true</required 〉 

<rtexprvalue>true< / rtexprvalue> 
</attribute> 

</tag> 






Use a ^rc^lav 


*tV>c 
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a JspFragment 


What exactly JS a JspFragmewt? 

A JspFragment is an object that represents JSP code. Its sole 
purpose in life is to be invoked. In other words, it’s something 
that’s meant to run and generate output. The body of a tag that 
invokes a simple tag handler is encapsulated in the JspFragment 
object, then sent to the tag handler in the setJspBody() method. 

The crucial thing you must remember about JspFragment is that it 
must NOT contain any scripting elements! It can contain template 
text, standard and custom actions, and EL expressions, but no 
scriptlets, declarations, or scripting expressions. 

One cool thing is that since it’s an object, you can even pass the 
fragment around to other helper objects. And those objects, in 
turn, can get information from it by invoking the JspFragment^ 
other method — getjspGontext(). And of course once you’ve got a 
context, you can ask for attributes. So the getJspGontext() method 
is really a way for the tag body to get information to other objects. 

Most of the time, though, you’ll use JspFragment simply to output 
the body of the tag to the response. You might, however, want 
to get access to the contents of the body. Notice that JspFragment 
doesn’t have an access method like getGontents() or getBody(). 

You can write the body to something, but you can’t directly get the 
body. If you do want access to the body, you can use the argument 
to the invoke() method to pass in a java.io.Writer, then use 
methods on that Writer to process the contents of the tag body. 


For the exam, and real life, this is probably all you will ever need 
to know about the details of JspFragment, so we won’t spend any 
more time on it in the book. 


Js Pl=rag ment 


TV>c mvokcO ^od iakc 

o, a ^ ^ 7 - 
a^ess -to a^al W7 

wte 士 . 


rhe invokeO to the response 

^ W f n oasr nulUo the invoke method, 
output，p — x do Bu t if you 

Most of 你 : 二 l 一 ” 工 St 

wan t acceS ss - m a writer, then use th 
^ocess P the body in some way. 
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SkipPageException: stops processing the page... 

Imagine you’re in a page that invokes the tag, and the tag depends on specific request 
attributes (that it gets from the JspGontext available to the tag handler). 

Now imagine the tag can’t find the attributes it needs, and that the tag knows the rest 
of the page will never work if the tag can’t succeed. What do you do? You could have 
the tag throw a JspException, and that would kill the page... but what if it’s only the 
rest of the page that won’t work? In other words, what if you still want the first part of 
the page — the part of the page that’s evaluated before the tag invocation — to still appear 
as the response, but you don’t want the response to include anything still left to be 
processed after the tag throws an exception? 

No problem. That’s exactly why SkipPageException exists. 


The tag handler doTag() method 

public void doTag() throws JspException, 工 OException { 

getJspContext() .getOut() •print(''Message from within doTag() .<br >〃）； 
getJspContext() .getOut() .print(''About to throw a SkipPageException ”）； 
if (thingsDontWork) { 

throw new SkipPageException (); 


The JSP that invokes the tag 


^ ^ poihi 


亡 3 _ ih3i ihc ^ 

故 Sf 錄， 


<%@ taglib prefix="myTags 〃 uri= 〃 simpleTags 〃 %> 
<htmlxbody> 


About to invoke a tag that throws SkipPageException <br> 

CmyTags : simple6/> ^ - handled dola^O method 

<br>Back in the page after invoking the tag. above ( 从 at tWoy/s Sk*» P Pay^c ? t.oJ. 

</body></html> 


What is the result if the thingsDontWork test is true? 
Fill in what you’ll see in the browser: 



c^^rpen your pencil 
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the SkipPageException 


SkipPageException shows everything 
up to the point of the exception 

Everything in the doTag() method up to the point of the SkipPageException 
still shows up in the response. But after the exception, anything still left in 
either the tag or the page won’t be evaluated. 


In the JSP 

<%@ taglib prefix= 〃 myTags 〃 uri="simpleTags 〃 %> 
<htmlxbody> 



In the tag handler 

public void doTag() throws JspException, 工 OException { 

(get JspContext () . getOut () .print (''Message from within doTag () .<br >〃）； 

[get JspContext () .getOut() . print (''About to throw a SkipPageException ’’）； 
if (thingsDontWork) { 

throw new SkipPageException(); 
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Put what happens whew the tag is 
invoked from aw included page? 

Look at the code below and figure out what prints when you 
bring up PageA. 

Hint: look in the API for javax.servlet.jsp. SkipPageException. 
Fill in what you’ll see in the browser: 

BOO_ 

[m ] f^| PT] r, http://localhost:8080/tests/PageA.jsp 

DP J2SE 1.5 in a Nutshell Colorado G … opers Home Slashdot: Ne … hat matters orkut - 



O^^rpen your pencil 


PageA JSP that includes PageB 

<htmlxbody> 

This is page (A) that includes another page (B). <br> 
Doing the include now : <br> 

<j sp : include page= 〃 badTagInclude•jsp 〃 / > 

<br>Back in page A after the include.•• 

</body></html> 


PageB (the included file) JSP that invokes the bad tag 

<%@ taglib prefix= 〃 myTags 〃 uri= 〃 simpleTags 〃 %> 

This is page B that invokes the tag that throws SkipPageException. 
Invoking the tag now : <br> 

<myTags : simple6/> 

<br>Still in page B after the tag invocation... 

The tag handler doTag() method 

public void doTag() throws JspException, 工 OException { 

getJspContext() .getOut() •print(''Message from within doTag() .<br >〃）； 
getJspContext() .getOut() .print(''About to throw a SkipPageException ”）； 

throw new SkipPageException(); 
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SkipPageException behavior 


SkipPageException stops ow[y the page 
that directly invoked the tag 


If the page that invokes the tag was included from some other page, only the page 
that invokes the tag stops processing! The original page that did the include keeps 
going after the SkipPageException. 


eoo 




A http://localhost:8080/tests/PageA.jsp 



Or Google 


QP JZSE 1.5 in a Nutshell Colorado C...opers Home Slashdot: Me...hat matters orkyl - home java,net 


» 


This is page (A) that includes another page (B). 
Doing the include now: 

This is page B that invokes the tag that throws 
SkipPageException. Invoking the tag now: 


Message from within doTag(). 

About to throw a SkipPageException 

Back in page A after the include... 


tr: 




PageA JSP that includes PageB 

<htmlxbody> 

This is page (A) that includes another page (B) .<br> 

Doing the include now: <br> 

< j sp : include page=’’badTagInclude • j sp’’ / > 

<br>Back in page A after the include... 

</ body> < /html > d ， s 中 sed k 阿 A 卜七 0 也 

PageB (the included file) JSP that invokes the bad tag 



<%@ taglib prefix= 〃 myTags 〃 uri= 〃 simpleTags 〃 %> 

This is page B that invokes the tag that throws SkipPageException. 
Invoking the tag now: <br> 

<myTags : simple6/> 



The tag handler doTag() method 


Thi 


s 


didh，i P^ijusi 


Wc 


Cx P^ed. 


public void doTag() throws JspException, 工 OException { 

get JspContext () . getOut () • print (''Message from within doTag () .<br >〃）； 
get JspContext () .getOut() . print (''About to throw a SkipPageException ”）； 

伽 _ W W A 一一 • 


throw new SkipPageException() 
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^Jiereiqrejio 

Dumb Questions 


o ： 

What happens to a SimpleTag 
handler after it completes doTagO? 
Does the Container keep it around 
and reuse it? 


A • 

No. SimpleTag handlers 
are never reused! Each tag handler 


instance takes care of a single 
invocation. So you never have to 
worry, for example, that instance 
variables in a SimpleTag handler 
won’t have the correct initial values. 


A SimpleTag handler object will 
always be initialized before any of its 
methods are called. 


o ： 

Do the attribute methods 
in a SimpleTag handler have to be 
of a type that can be automatically 
converted to and from a String? In 
other words, are you stuck with just 
primitives and String values? 


A I 

Weren’t you paying attention 
a few pages back? The attribute we 
sent to the SimpleTag handler was 
an ArrayList of movies. So that would 
be "no”，to answer your question. 
But... if the attribute (which you can 
think of as a property if you think of 
the SimpleTag handler as a bean) is 
NOT a String or primitive, then the 
<rtexprvalue> value in theTLD had 
better be set to true. Because that’s 


the only way you can set an attribute 
value for something that can’t be 
expressed as a String in the tag. In 
other words, you can’t send a Dog into 
the tag if you’re forced to represent 
the Dog as a String literal. But if you 
can use an expression for the value 
of the attribute, then that expression 
can evaluate to whatever object type 
you need to match the argument to 
the handler’s corresponding setter 
method. 


In a SimpleTag handler, if the 
tag is declared to have a body but it 
is invoked using an empty tag (since 
there’s no way to say that a body is 
required), is the setJspBodyO still 
invoked? 


No! The setJspBodyO is 
invoked ONLY if these two things are 
true: 

1) The tag is NOT declared in the TLD 
to have an empty body. 

2) The tag is invoked with a body. 

That means that even if the tag is 
declared to have a non-empty body, 
the setJspBodyO method will not be 
called if the tag is invoked in either of 
these two ways: 

<foo:bar /> (empty tag) 

<foo:barx/foo:bar> (no body). 
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Simple Tag bullet points 


BULLET POINT 



■ Tag Files implement tag functionality using a page, 
while tag handlers implement tag functionality using 
a Java tag handler class. 

■ Tag handlers come in two types: Classic and 
Simple (Simple tags and Tag Files were added in 
JSP2.0). 

■ To make a Simple tag handler, extend 
SimpleTagSupport (which implements the 
SimpleTag interface). 

■ To deploy a Simple tag handler, you must create a 
TLD that describes the tag using the same <tag> 
element used by JSTL and other custom tag 
libraries. 

■ To use a Simple tag with a body, make sure the TLD 
<tag> for this tag does not declare <body-content> 
empty. Then call getJspBody().invoke() to cause 
the body to be processed. 

■ The SimpleTagSupport class includes 
implementation methods for everything in the 
SimpleTag interface, plus three convenience 
methods including getJspBody(), which you can 
use to get access to the contents of the body of the 
tag. 

■ The Simple tag lifecycle: Simple tags are never 
reused by the Container, so each time a tag is 
invoked, the tag handler is instantiated, and its 
setJspContext() method is invoked. If the tag is 
called from within another tag, the setParent() 
method is called. If the tag is invoked with attributes, 
a bean-style setter method is invoked for each 
attribute. If the tag is invoked with a body (assuming 
its TLD does NOT declare it to have an empty body), 
the setJspBody() method is invoked. Finally, the 
doTag() method is invoked, and when it completes, 
the tag handler instance is destroyed. 

■ The setJspBody() method will be invoked ONLY 
if the tag is actually called with a body. If the tag 

is invoked without a body, either with an empty tag 


<my:tag/> or with nothing between the opening and 
closing tags <my:tag></my:tag>, the setJspBody() 
method will NOT be called. Remember, if the tag has 
a body, the TLD must reflect that, and the <body- 
content> must not have a value of “empty”. 

■ The Simple tag’s doTag() method can set an 
attribute used by the body of the tag, by calling 
getJspContext().setAttribute() followed by 
getJspBody().invoke(). 

■ The doTag() method declares a JspException 
and an lOException, so you can write to the 
JspWriter without wrapping it in a try/catch. 

■ You can iterate over the body of a Simple tag by 
invoking the body (getJspBody().invoke()) in a loop. 

■ If the tag has an attribute, declare the attribute in 
the TLD using an <attribute> element, and provide 
a bean-style setter method in the tag handler 
class. When the tag is invoked, the setter method 
will be called before doTag(). 

■ The getJspBody() method returns a JspFragment, 
which has two methods: invoke(java.io.Writer), and 
getJspContext() that returns a JspContext the tag 
handler can use to get access to the PageContext 
API (to get access to implicit variables and scoped 
attributes). 

■ Passing null to invoke() writes the evaluated body 
to the response output, but you can pass another 
Writer in if you want direct access to the body 
contents. 

■ Throw a SkipPageException if you want the current 
page to stop processing. If the page that invoked the 
tag was included from another page, the including 
page keeps going even though the included page 
stops processing from the moment the exception is 
thrown. 
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custom tag development 


Ifs just wonderful 
that JSP spec designers gave 
us Simple Tags and Tag Files, but, 
um, they waited until AFTER my 
company wrote about 10 million 
custom tags using the 
Classic model... 



You still have to kwow about 
Classic tag handlers 

You might get lucky. Maybe the place you work 
is starting out with JSP 2.0, and can use Tag 
Files and SimpleTag handlers from the start. 

That could happen. 

But it probably won’t. Chances are, you’re 
working (or will work in the future) somewhere 
that’s been using JSPs since the pre-2.0 days, 
using the Classic tag model for writing custom 
tag handlers. 


You probably need to at least be able to read the 
source code for a Classic tag handler. You might 
be called on to maintain or refactor a Classic 
tag handler class. 


But even if you don’t ever have to read or 
write a Classic tag handler, they’re still covered 
(very lightly) by one of the exam objectives. Be 
grateful — on the previous version of the exam 
you might have seen at least seven or eight 
Classic tag handler questions on the exam. 
Today, exam candidates will see only a couple 
of questions on Classic tag handlers. 
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Tag API 


Tag handler API 


Everything in a 
grey box is from the 
original (Classic) tag 
model for custom tag 
handlers. 


JspTag interface 


《 interface 〉〉 

JspTag 


//no methods; this interface is for 
//organization and polymorphism 




\)0^ 


SimpleTag interface 





ag interface 


/ 

〈〈 interface 〉〉 

SimpleTag 


《 interface 》 

Tag 

void doTag() 


int doEndTag() 

JspTag getPareritf) 


Tag getPareritf) 

void setJspBody(JspFragment) 


int doStartTag() 

void setJspContext(JspContext) 


void setPageContext(PageContext) 

void setParent(JspTag) 


void setParent(Tag) 



void releasef) 




SimpleTagSupport class Iteration interface 



SimpleTagSupport 


void doTagf) 

JspTag findAncestorWithClass ( 

JspTag, Class) 

JspFragment getJspBody() 

JspContext getJspContext() 

JspTag getParent() 

void setJspBody(JspFragment) 

void setJspContext(JspContext) 

void setParent(JspTag) 


《 interface 》 

IterationTag 


int doAfterBodyf) 


BodyTag 


V 


interface 


《 interface 》 

BodyTag 


void dolnitBodyf) 

void setBodyContent(BodyContent) 


K 


is il ? T ^ 

^ Sl ^pleTa 3 API. Thc 

气万 3 sup 心“心 

Class\t iag AP/. 


The tag Kandler API 
has five interfaces and 
tee support classes. 

There's virtually NO 

reason to implement ^ie 
interfaces directly, so 
you’ll probably always 
extend a support class. 










TagSupport class 

TagSupport 

int doAfterBodyf) 
int doStartTag() 
int doEndTag() 

void setPageContext(PageContext) 
II more methods... 


\ 


\ 


\ 



N s BodyTagSupport class 


\ 


BodyTagSupport 


int doStartTag() 

BodyContent getBodyContent() 
void dolnitBodyf) 

void setBodyContent(BodyContent) 
II more methods... 
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custom tag development 


A very small Classic tag handler 

This example is so basic that it’s not much different from a SimpleTag handler’s 
doTag() method. In fact the differences won’t become painful until you try to 
process a tag with a body (but you’ll just have to wait for that). 


A JSP that invokes a Classic tag 


<%@ taglib prefix= 〃 mine 〃 uri= 〃 KathyClassicTags 〃 %> 
<htmlxbody> 

Classic Tag One : <br> 

〈 mine:classicOne /> ^ - 

</body></html> 




The TLD <tag> element for the Classic tag 


<tag> 

<description>ludicrous use of a Classic tag</description> 
<name>classicOne</name> 

<tag-class>foo.Classicl</tag-class> 

<body-content>empty</body-content 〉 

</tag> 


The Classic tag handler 

package foo; 

import j avax.servlet.j sp.*; 
import j avax.servlet.j sp.tagext 
import j ava.io.*; 


,.Jfov tcv-tam *bw»s <^> 
(mstcad ^ a s 、 —eTa$ 

td ^ TUP -uld 




public class Classicl extends TagSupport { 

public int doStartTag () throws JspException 
JspWriter out = pageContext.getOut(); 


try 


out. print In (''classic tag output ’’）； 
catch ( 工 OException ex) { 
throw new JspException (''IOException- 


return SKIP 一 BODY; 

I/Ve Kavc *to v-c*tuv-^ ^ "to tell 


， ) 缝 j ，泥 4 = 7 — 

va ^ bl ,i 5S 忱 


Classic 

liable 


+ ex.toString()); 

Wc\rc 


y/c use a i^y/caicK 


七 he Cohta'mcv- y/Ka*t *to do 从 % 七 . 

MuA rrort tV^'is to 州 m”？. 
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Classic tag 


A Classic tag bawdier with TWO methods 

This example overrides both the doStartTag() and doEndTag() methods, although 
it could accomplish the same output all within doStartTag(). The point of 
doEndTag() is that it’s called after the body is evaluated. We don’t show the TLD 
here, because it’s virtually identical to the previous one, except for some of the 
names. The tag is declared to have no attributes, and an empty body. 


A JSP that invokes a Classic tag 

<%@ taglib prefix="mine 〃 uri=〃KathyClassicTags 
<htmlxbody> 

Classic Tag Two : <br> 

〈 mine:classicTwo /> 

</body></html> 


%> 


The Classic tag handler 






^ess ^ add 


public class Classic2 extends TagSupport 
JspWriter out; 


public int doStartTag () throws JspException { 
out = pageContext.getOut (); 
try { 

out. println (''in doStartTag () 〃）； 

} catch (工 OException ex) { 

throw new JspException (''IOException- '' + ex . toString ()); 


return SKIP BODY 




method- 


七 oM 一 J 




public int doEndTag () throws JspException 
try { 

out • println (''in doEndTag () 〃）； 

} catch ( 工 OException ex) { 

throw new JspException (''IOException- 


+ ex.toString()); 


return EVAL PAGE 







Pposcd 

9 ^ 


Classic Tag Two: 
in doStartTag() in doEndTag() 
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custom tag development 


Whew a tag has a body: comparing Simple vs. Classic 

Now it starts to look different from a SimpleTag. Remember, SimpleTag bodies 
areevaluated when (and if) you want by calling invoke() on the JspFragment that 
encapsulates the body. But in Classic tags, the body is evaluated in between the doStartTagf) 
and doEndTagQ methods! Both of the examples below have the exact same behavior. 


The JSP that uses the tag 

<%@ taglib prefix="myTags" uri="myTags" %> 

<htmlxbody> 

CmyTags:simpleBody> 

This is the body 
</myTags : simpleBody> 

</body></html> 

A SimpleTag handler class 

// package and imports 

public class SimpleTagTest extends SimpleTagSupport { 

public void doTag() throws JspException, 工 OException { 
get JspContext () . getOut () . print (''Before body .”）； 

getJspBodyO . invoke (null) ; < - This causes body *to be evaludied- 

get JspContext () . getOut () .print (''After body .”）； 


A Classic tag handler that does the same thing 


// package and imports 

public class ClassicTest extends TagSupport { 
JspWriter out; 


public int doStartTag() throws JspException { 
out = pageContext.getOut(); 
try { 

out. print In (''Before body .’’）； 

} catch (工 OException ex) { 

throw new JspException (''IOException-、' + ex . toString ()); 


return EVAL BODY INCLUDE; 




THIS is y/ha*t causes 
evaluated m a Classic 


body *to be 
\t 


public int doEndTag () throws JspException { 
try { 

out. print In (''After body .’’）； 

} catch (工 OException ex) { 

throw new JspException (''IOException- '' + ex . toString ()); 

} 

return EVAL—PAGE; 
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iterating with Classic tags? 


But how do you loop over the 
body? It looks like doStartTagQ is 
called too early, and doEndTagQ is too 
late, and I don't have any way to keep 
re-invoking the body evaluation... 


% 



Simple tag 

// package and imports 

public class SimpleTagTest extends SimpleTagSupport { 
public void doTag() throws JspException, 工 OException 
for(int i = 0; i < 3, i++) { 

getJspBody().invoke(null); 


/ts 

you 


withih doTagO. 》 


V 


Classic tag 

// package and imports 

public class ClassicTest extends TagSupport { 

public int doStartTag() throws JspException 
return EVAL BODY INCLUDE; 


4 IN a method like doTagO? 


public int doEndTag() throws JspException 
return EVAL PAGE; 
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Classic tags have a different lifecycle 

Simple tags are simple — it’s all about doTag(). But with classic tags, 
there’s a do^ter^Tag() and a doEncfTagQ. And that brings up an 
interesting problem — when and how is the body evaluated? There’s 
no doBody() method, but there is a doAfterBody() method that’s 
called after the body is evaluated and before the doEndTagQ runs. 


Web Container 

n 

[Container I 

I 

! Load class. 


Classic tag class Tag Handler Object 


101101 


101101 


10101000010 

1010 10 

0 

01010 1 


1010101 


10101010 


1001010101 



ClassicHandler.class 


Instantiate class (no-arg constructor runs). 


c 。加 S :3 二咖 c 、 as 


Call the setPageContext(PageContext) method. 


If the tag is nested (invoked from within another 
tag), call the setParent(Tag) method. 


If the tag has attributes, call attribute setters. 


Call the doStartTag() method. 


If the tag is NOT declared to have an empty 
body, AND the tag is NOT invoked with an empty 
body, AND the doStartTag() method returns 
EVAL—BODY—INCLUDE, the body is evaluated. 


If the body content was evaluated, call the 
doAfterBodyO method. 


Call the doEndTag() method. 


* 




This jives 七 he handler a 

-to a PagcCo^-tc^t 

A nested ^ ^ 

if th )' ^ is with 抓 •• 

attinbutc ,S called (just as with 

hdhdlevs). 


do£ia ， i % 5 0 a ,d doE,dTa 3 0 
doA^WBodvO le-b 7 ou dotWmy 


oUcv methods 
七心 oUC 


S 3 
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Classic tag lifecycle 


The Classic lifecycle depends on return values 

The doStartTag() and doEndTag() methods return an int. That int tells the 
Container what to do next. With doStartTag(), the question the Container 
asks is, “Should I evaluate the body?’’ (assuming there is one, and assuming 
the TLD doesn’t declare the body as empty). 

With doEndTag(), the Container asks, “Should I keep evaluating the rest of 
the calling page?” The return values are represented by constants declared in 
the Tag and IterationTag interfaces. 


Possible return values when 
you extend TagSupport 

doStartTagf) 

SKIP 一 BODY 

EVAL 一 BODY 一 INCLUDE 

doAfterBodyf) 

SKIP 一 BODY 

EVAL 一 BODY 一 AGAIN 


r doStartTag () j 


return SKIP BODY 


return EVAL BODY INCLUDE 




return EVAL 一 BODY AGAIN 


^ r 


doEndTag() 

SKIP 一 PAGE 

EVAL PAGE 




C 


The constants used as return 
values for doStartTagO and 
doEndTag() return value constants 
are inconsistently named. 

With doStartTagf), the return values are 

S^P B^ W， 

doEndTagO, the values are SKIP 一 PAGE and 

二 consistent, 祉，以： 口 

EVAL_PAGEJNCLUDE (as opposed 

Rut i/s not! So don^t be fooled if you see code 
on the exam with correct-looking (but wrong) return values. 


doAf terBody () 


return SKIP BODY 


doEndTag() 


return EVAL PAGE 



return SKIP PAGE 



S^|p _(ronx doB^dlagO is 
e 乂 adJy like th\row*mg a SkipRagcE^cpiioh 
a 。你 pk -tag/ l-f a page i^ludcd -the page -that 
invoked the -the duv-vc^-t (mduded) page s-tops 
pv-odcssmj, but the ihdludi^ page 匕 oirtmues … 
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custom tag development 


ItcratiowTag lets you repeat the body 

When you write a tag handler that extends TagSupport, you get all the lifecycle methods from the 
Tag interface, plus the one method from IterationTag — doAfterBody(). Without doAfterBody(), 
you can’t iterate over the body because doStartTag() is too early, and doEndTag() is too late. 

But with doAfterBody(), your return value tells the Container whether it should repeat the body 
again (EVAL_BODY—AGAIN) or call the doEndTagQ method (SKIP_BODY). 


Tag interface 


〈〈 interface 〉〉 

Tag 


int doEndTagf) 

Tag getParentf) 
int doStartTag() 

void setPageContext(PageContext) 
void setParent(Tag) 
void release() 


Iteration 



interface 


〈〈 interface 〉〉 

IterationTag 


int doAfterBodyf) 


TagSupport class 

I 

TagSupport 

int doAfterBodyf) 
int doStartTag() 
int doEndTagf) 

void setPageContext(PageContext) 
II more methods... 


ci^kirpen your pencil 


Try to implement the same functionality of this 
SimpleTag doTag() in a Classic tag handler. Assume 
the TLD is configured to allow body content. 


public void doTag() throws JspException, 工 OException { 
String [ ] movies = {''Spiderman", ''Saved!’’ ， ''Amelie’’}; 
for (int i = 0; i < movies.length; i++) { 

get JspContext () . setAttribute (''movie”，movies [i]); 
getJspBody().invoke(null); 


// padkajc Bv\d impov-b 

publid dlass My|*tc\ra*bov7a5 c 乂 "tends TajSuppov-t { 

publid’m 七 doS-tav-tla^O *th\rov/s { 


pulolid *m*t doA-ftcv-BodyO -tlvrov/s JspE^cp*tioir\ { 


publid nrrt doE^dlagO *th\roy/s JspE>cdcp*tioir\ { 

} 
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Classic tag exercise 




BE the Container 

Look at tire legal tag handler code below and 
figure out whether it would give you tire result 
shown, ^iven the JSP tag invocation 
listed below. TMs is also tire same 
result produced by{ke ClassicTa^ 
handler from tire previous pa^e. Yes, 
we’re answering tire Sharpen Your 
Pencil witii yet anotiier exercise... 


The tag handler class 

// package and imports 

public class MylteratorTag extends TagSupport { 

String [ ] movies= new String [ ] {''Spiderman", ''Saved!’’ ， ''Amelie’’}; 

int movieCounter; 

public int doStartTag() throws JspException { 
movieCounter=0; 


return EVAL_BODY_INCLUDE; 
public int doAfterBody() throws JspException { 


if (movieCounter < movies.length) { 

pageContext. setAttribute (''movie”，movies [movieCounter]); 

movieCounter++; 

return EVAL—BODY—AGAIN; 

} else { 

return SKIP—BODY; 

} _ 

} 

public int doEndTag() throws JspException { 
return EVAL_PAGE; 


JSP that invokes the tag 


Desired result 


<%@ taglib prefix= 〃 mine 〃 uri= 〃 KathyClassicTags" %> 
<htmlxbody> 

<table border= 〃 l〃> 

<mine : iterateMovies> 

<tr><td>${movie}</td></tr> 

</mine : iterateMovies> 

</table> 

</body></html> 


_ 0 http://localhost:8080/tests/PageA.jsp 

LP J3SL B.S b j <£4kca4« C n 


Spiderman 


Saved! 


Amelie 
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custom tag development 


default returw values from TagSupport 

If you don’t override the TagSupport lifecycle methods that return 
an integer, be aware of the default values the TagSupport method 
implementations return. The TagSupport class assumes that your tag 
doesn’t have a body (by returning SKIP_BODY) from doStartTag()), 
and that if you DO have a body that’s evaluated, you want it 
evaluated only once (by returning SKIP_BODY from doAfterBody()). 
It also assumes that you want the rest of the page to evaluate (by 
returning EVAL-PAGE from doEndtagQ). 


Default return values when you don’t override the 
TagSupport method implementation 

doStartTagf) 

(^SKIP^BODY^) 

EVAL BODY INCLUDE 


doAfterBodyQ 



EVAL BODY AGAIN 


doEndTagf) 

SKIP PAGE 



The TagSupport class 
assumes your tag doesn't 
have a body, or 也 at if 也 e 
body IS evaluated 也 at 也 e 
body should be evaluated 
only ONCE. 

It also assumes 也 at you 
always want the rest of the 
page to be evaluated. 


doStartTagO and 
doEndTagO run 
exactly onc©_ 

You really must know this lifecyde for the 

exam. Don’t forget that doStartTag; = 

doEndTagO are always called, and they re 
called only once, regardless of anything 
else that happens. But doAfterBodyO 
can run from 0 to many times, depending 
on the return value of doStartTagO and 
previous doAfterBodyO calls. 


You MUST override doStartTagO 
if you want the tag body to be 
evaluated!! 

Think about it! The default return value from 
doStartTagf) is SKIP—BODY, so if you want the body 
of your tag evaluated, and you extend TagSupport 
\° h U MU ST override doStartTagf) if for no other reason 
_ to return EVAL_BODYJNCLUDE. 

湖化 doAfterBodyO, it should be obvious that if you 

Wan 丄 t0 ltera te over the body，you have to override that 

method as well, since its return value is SKIP—BODY. 
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Classic tag exercise answers 



BE lire Container Answer 


Desired result 


F3S0Q M http://localhost:8080/tests/PageA.jsp 

Cl »c4ri Hnitir ^d"ihilul: Nr h«l nuEln-h urkul I 


nl J2SE l.i in d Nul^Krll 




Spiderman 


Saved! 


Amelie 


The tag handler class 

public class MylteratorTag extends TagSupport { 
String [ ] movies= new String [ ] {''Spiderman ”， 
int movieCounter; 

public int doStartTag() throws JspException 
movieCounter=0; 


pageContext. setAttribute (''movie 
movieCounter++; 


return EVAL BODY INCLUDE 


Actual result (unless you add the 
two lines highlighted below) 



Saved 


、 Amelie”}; 


t t 二匕 e . 




movies[movieCounter]); 


public int doAfterBody() throws JspException { 
if (movieCounter < movies.length) { 

pageContext. setAttribute (''movie”，movies [movieCounter]); 
movieCounter++; 
return EVAL—BODY—AGAIN; 

} else { 

return SKIP BODY; 


public int doEndTag() throws JspException 
return EVAL PAGE; 


JSP that invokes the tag 

<%@ taglib prefix= 〃 mine 〃 uri="KathyClassicTags" %> 
<htmlxbody> 

<table border= 〃 l〃> 

<mine : iterateMovies> 

<tr><td>${movie}</td></tr> 

</mine : iterateMovies> 

</table> 

</body></html> 


广 S d ff^Body() r, C -thod was 

aC； b h，y AFTBR 

槪 “ y ” e fe; ell . 
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custom tag development 


^Jiereiqrejio 

Dumb Questions 


o ： 

This seems stupid — there’s 
duplicate code in doStartTagO and 
doAfterBodyO. 


A I 

Yes, there’s duplicate code. 

In this case, if you’re implementing 
TagSupport, and you want to set 
values the body can use, then you 
MUST set those attribute values in 
doStartTagO. You can’t wait until 
doAfterBodyO, because by the time 
you get to doAfterBodyO, the body 
has already been processed once. 

Yes, it's kind of stupid. Which is why 
SimpleTag is so much better. Of 
course if you were writing the code, 
you’d make a private method in your 
tag handler... say, setMovieO, and 
you’d call that method from both 
doStartTagO and doAfterBodyO. But 
it’s still an awkward approach. 


0： 

WHY are you setting 
the instance variable value 
for movieCounter INSIDE the 
doStartTagO method? Why can’t you 
just initialize it when you declare it? 


A: 


Yikes! Unlike SimpleTag 


handlers, which are never reused, a 


Classic tag handler can be pooled 
and reused by the Container. That 
means you’d better reset your 
instance variable values with each 


new tag invocation (which means in 
doStartTagO). Otherwise, this code 
works the first time, but the next time 
a JSP invokes it, the movieCounter 
variable will still have its last value, 
instead of 0! 


The Container can 
IC0IJSG Classic 
handlers! 

Watch out—this is completely different 
from SimpleTag handlers, which are 
definitely NOT reused. That means you 
have to be very careful about instance 
variables—you should reset them in 

doStartTagO- n 

The Tag interface does have a release 。 

method, but thafs called only when 
the tag handler instance is about to be 
removed by the Container. So don t 
assume that releasef) is a way to reset 
the tag handler’s state in between tag 
invocations! 
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automating a select tag 


OK, let's get real... 


Remember the beer webapp from Chapter 3? Let’s 
improve it a bit, and automate part of the HTML form: 

<form method= 〃 POST 〃 action= 〃 SelectBeer•do〃> 
<p>Select beer characteristics : </p> 


Color : 

<select name = r color^ size =/, 1 r > 

<option value= A light'> light </option> 
<option value= ' amber A > amber </option> 
<option value= ' brown '> brown </option> 
<option value= ' dark A > dark </option> 

</select> 


m <sclc6t> dome 


<br><br> 

<input type= 〃 SUBMIT〃> 
</form> 


If we make the options dynamic, they’ll be easier to 
update and change, without messing around with the 
HTML. Instead, we want the options to be generated 
from a Java List created in the web application. So 
here’s the custom tag we want to build: 

<form method= 〃 POST 〃 action= 〃 SelectBeer•do〃> 

<p>Select beer characteristics : </p> 

Color : 

<formTags : select name= r colors size = r 1 r 

optionsList= A $ {applicationScope. colorList } r /> • u，,f v a,ues. 


options 一 6odi% busmess 

ddld m ^ HTML 


<br><br> 
<input type: 
</form> 



SUBMIT〃> 
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custom tag development 


Cf^^rpen your pencil 


Your mission (if you choose to accept it) is to complete 
the implementation of the select tag handler. 

First, the handler class needs to implement setter 
methods for each tag attribute; here’s a skeleton to get 
you started: 

package com.example.taglib; 

// assume all needed import statements 



SelectTagHandler 


+setOptionsList(List) 

+setName(Stririg) 

+setSize(String) 

+ doTag() 

— 


public class SelectTagHandler extends SimpleTagSupport { 

// store the 'optionsList^ attribute 


// store the 、 name f attribute 


// store the 'size' attribute 




6(o ahead 曾心 
>youv todt rn m 

spates 

七 he 



Continues over the page 
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coding the se/ecf tag 


t^arpen your pencil 

Next, comp 


complete the implementation of the select tag 
handler class by writing the doTag () method. We’ve 
provided the method signature and a few helpful 
comments help you out. Don’t forget to take a look at the 
HTML that this tag needs to generate on page 542. 


// generate the <select> and <option> tags 

public void doTag() throws JspException, IOException { 

PageContext pageContext = (PageContext) getJspContext(); 
JspWriter out = pageContext.getOut(); 

// Start the HTML <select> tag with HTML-specific attributes 


AWe Code -fco wvi-tc, 



// Generate the <option> tags from the optionsList 


// End the HTML </select 〉 tag 


} // // END of doTag() method 


} // END of SelectTagHandler 



K v 一 d add^o.a\ 


Continues over the page 
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custom tag development 



" Now you need to configure the select tag in the TLD file. 

The boilerplate elements of the TLD are already provided 
for you. You just need to add the element to declare the 
select tag, its handler class, and all its attributes. 

<?xml version= 〃 l•0 〃 encoding= 〃 ISO-8859-l 〃 ？> 

<!DOCTYPE taglib 

PUBLIC ''-//Sun Microsystems, 工 nc.//DTD JSP Tag Library 1.2//EN” 
''http : //j ava. sun. com/ j 2ee/dtds/web-j sptaglibrary_l_2 . dtd"> 

<taglib> 

<tlib-version>l.2</tlib-version> 

<jsp-version>l.2</jsp-version> 

<short-name>Forms Taglib</short-name> 

<uri>http :// example.com/tags/forms</uri> 

〈 description 〉 

An example tab library of replacements for the HTML form tags. 
</description 〉 

<tag> 

<!-- Add elements to declare the tag name, class and body type ——> 


<!—— Add elements for optionsList attribute ——> 



<!-- Add elements for name attribute ——> 



Add m 

/ML* 


dicstv^^- 


<!-- Add elements for size attribute ——> 


</tag> 
</taglib> 
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handling attributes 



Your mission (if you chose to accept it) was to complete 
the implementation of the select tag handler. The 
handler had to implement setter methods for each 
tag attribute. The handler also had to implement the 
doTag () method. 

package com.example.taglib; 

// assume all needed import statements 



SelectTagHandler 


+setOptionsList(List) 

+setName(String) 

+setSize(String) 

+ doTag() 


public class SelectTagHandler extends SimpleTagSupport { 


private List optionsList; 

// store the 'optionsList^ attribute 
public void setOptionsList(List value) 
this.optionsList = value; 


Setter method ahd 

*ipoV " 七 lie 

optiohsLisi attribute. 


private String name; 

// store the 'name' attribute 
public void setName(String value) 
this.name = value; 


Zu 十 


private String size; 

// store the 'size 7, attribute i i j 

Scttcv" method 

public void setSize (String value) { - vav-iaklc -for 

this, size = value; the siz^ a*t*tv-»bu*tc- 

} 

// other SelectTagHandler code 
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custom tag development 


e^^rpen your pencil 

Next, you had to complete the implementation of the 
select tag handler class by writing the doTag () method. 
Here’s the code we used: 


// generate the <select> and <option> tags 

public void doTag() throws JspException, IOException { 

PageContext pageContext = (PageContext) getJspContext(); 

JspWriter out = pageContext.getOut(); 

// Start the HTML <select> tag with HTML-specific attributes 
out.print (''<select、'); 

out.print (String. format (ATTR_TEMPLATE, ''name”，this . name)); 
out • print (String • format (ATTR—TEMPLATE, ''size’’，this .size)); 
out.printIn(V); 


UeHTMU 
uses ^ 



// Generate the <option> tags from the optionsList 

this . optionsList ) { The oftio^sList objedt is 

used xo the HTML 

<optio^> *t35 s， 

String.format(OPTION TEMPLATE, option.toString()); 


for ( Object option 
String optionTag 



out.printIn(optionTag) 


// End the HTML </select> tag 
out .println (、' </select>"); ^ - 

// END of doTag() method 


Fihally, the tag hahdl 饮 
output the dlosiha 

ttTTWL </sclcdi> 


private static final String ATTR—TEMPLATE = ''%s= f %s /， '' 
private static final String OPTION—TEMPLATE 

= '' <option value= A %l$s A > %l$s </option>^; 


// END of SelectTagHandler 






^ S*br— 60 於 ta 

todc wove v-c 
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the deployment descriptor 


e^^rpen your pencil 


Then, you had to configure the select tag in the TLD file. 

Here’s what we did to add the element to declare the select 
tag, its handler class, and all attributes. 

<?xml version= 〃 l .◦〃 encoding= 〃 ISO-8859-l” ?> 

<!DOCTYPE taglib 

PUBLIC ''-//Sun Microsystems, 工 nc.//DTD JSP Tag Library 1.2//EN 
''http : //j ava . sun. com/ j 2ee/dtds/web-j sptaglibrary_l_2 . dtd’’> 

<taglib> 

<tlib-version>l.2</tlib-version> 

<jsp-version>l.2</jsp-version> 

<short-name>Forms Taglib</short-name> 

<uri>http :// example.com/tags/forms</uri> 

〈 description 〉 

An example tab library of replacements for the HTML form tags. 
</description 〉 


<tag> 


ag ia^s ^ 

<name>select</name> ^ ^ SS; 


<tag-class>com.example.taglib.SelectTagHandler</tag 一 class> 
<body-content>empty</body-content> 


<attribute> 

<name>optionsList</name> 

<type>java.util.List</type: 
<required>true</required 〉 
<rtexprvalue>true</rtexprvalue> 



心 "Uc cxp^ssioh i h -the value. 


</attribute 〉 
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custom tag development 


e^^rpen your pencil 


<attribute> ^ - - 

attriku-tcs a^TC ^ easier 
because v/c cby \ attest *t^c 
data *b/? e drfaul 七 (SV”). 

<name>size</name 〉 

<required>true</required 〉 

</attribute 〉 

</tag> 

</taglib> 


<name>name</name> 
<required>true</required 〉 
</attribute 〉 



<attribute> 







Do you think the name and size attributes should 
allow runtime values? Why or why not? 


you are here ► 


549 








we forgot some attributes 


Our dynamic 〈 select〉tag isn't complete... 



Wait a minute... if our select tag is 
trying to mimic the standard HTML 
<select> tag, then we need to include 
attributes for all of the <select> tag 
attributes, not just name and size. 


The HTML 〈 select〉tag accepts many more tag attributes 
than just name and size: 


Core attributes: id, class, style, and title 

Internationalization attributes: lang and dir 
Event attributes: onclick, ondblclick, onmouseup, 


onmouseup, onmouseover, onmousemove, 
onmouseout, onkeypress, onkeyup, and 


onkeydown 

Form attributes: name, disabled, multiple, size, 

tabindex, onfocus ， onblur, and 
onchange 


YoiA use 
these bo 
make list 
bo^cs a^d 
|is*t 



My craft woiVt 
shine without being 
able to apply styles. 


Don*t tie my hands... I 
need to make list boxes as 
well as list menus. 


Man! How am 
I supposed to 
add cool behavior 
without the event 
attributes? 
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custom tag development 


Wc could just add more custom tag attributes … 





Don't get all worked up, I can fix 
this... no problemo! 

I'll just add more attribute setters to 
the handler class and declarations to 
the TLD. No muss, no fuss. 


Gary’s design is very simple; we 
just need to add a setter method 
for all of the HTML pass-through 
tag attributes The UML for the tag 
class is on the right, with all the 
methods we’ll need to add. 

Here’s the code to make this work: 


public class SelectTagHandler extends SimpleTagSupport { 
// tag attribute (setters and instance variables) 
public void setOptionsList(List value) { 
this . optionsList = value; 

i \ 

This is the ov\bf 
a*t*tv"ibu*tc wc added 

public void setld (String id) { ^ *to "the sclent 
this.id = id; 


private List optionsList = null 


private String id; 

public void setClass(String styleClass) 
this.styleClass = styleClass; 


private String styleClass; 


SelectTagHandler 

+setOptionsList(List) 

+setld(String) 

+setClass(String) 

+setStyle(String) 

+setTitle(String) 

+setLang(String) 

+setDir(String) 

+setOnclick(String) 

+setOndblclick(String) 

+setOnmouseup(String) 

+setOnmousedown(String) 

+setOnmouseover(String) 

+setOnmousemove(String) 

+setOnmouseout(String) 

+setOnkeypress(String) 

+setOnkeydown (String) 

+setOnkeyup(String) 

+setName(String) 

+setSize(String) 

+setMultiple(String) 

+setDisabled(String) 

+setTabindex(String) 

+setOnfocus(String) 

+setOnblur(String) 

+setOnchange(String) 

+doTag() 


// more code on the next page 


The \rwt o-p -the *tclj buttes arc 

+oir the y/cb birowsev. This iaa hdhdler 

simply passes them ih\rouah *to the 
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pass-through attributes 


Sow of more tag attributes 


public void setStyle(String style) { 
this.style = style; 

} 

private String style; 

public void setTitle(String title) { 
this . title = titled- 

private String title; 

public void setLang(String lang) { 
this.lang = lang; 

} 

private String lang; 

public void setDir(String dir) { 
this.dir = dir; 

} 

private String dir; 

public void setOnclick(String onclick) { 
this.onclick = onclick; 

} 

private String onclick; 

public void setOndblclick(String ondblclick) { 
this.ondblclick = ondblclick; 

} 

private String ondblclick; 

public void setOnmouseup(String onmouseup) { 
this.onmouseup = onmouseup; 

} 

private String onmouseup; 

public void setOnmousedown(String onmousedown) 
this.onmousedown = onmousedown; 

} 

private String onmousedown; 

public void setOnmouseover(String onmouseover) 
this.onmouseover = onmouseover; 

} 

private String onmouseover; 

// more code on the next page 



^A\tr attnWtes- 
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custom tag development 


The return of the sow of more tag attributes 


public void setOnmousemove(String onmousemove) 
this.onmousemove = onmousemove; 

} 

private String onmousemove; 

public void setOnmouseout(String onmouseout) { 
this.onmouseout = onmouseout; 

} 

private String onmouseout; 


public void setOnkeypress(String onkeypress) { 

this.onkeypress = onkeypress; 

} 

private String onkeypress; 

public void setOnkeydown(String onkeydown) { 
this.onkeydown = onkeydown; 

} 

private String onkeydown; 

public void setOnkeyup(String onkeyup) { 
this.onkeyup = onkeyup; 

} 

private String onkeyup; 

public void setName(String value) { 
this.name = value; 

} 

private String name; 

public void setSize(String value) { 
this.size = value; 

} 

private String size; 

public void setMultiple(String multiple) { 
this.multiple = multiple; 

} 

private String multiple; 


public void setDisabled(String disabled) { 
this.disabled = disabled; 

} 

private String disabled; 

// even more code on the next page 


Vup, you got it... cvch 
-tag a-t-tv-ibu-tes. 
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even more pass-through attributes 


rm getting sick of these tag attributes! 


public void setTabindex(String tabindex) { 
this.tabindex = tabindex; 

} 

private String tabindex; 

public void setOnfocus(String onfocus) { 

this.onfocus = onfocus; 

} 

private String onfocus; 

public void setOnblur(String onblur) { 

this.onblur = onblur; 

} 

private String onblur; 

public void setOnchange(String onchange) 
this.onchange = onchange; 

} 

private String onchange; 

// generate the <select> and <option> tags 

public void doTag() throws JspException, 工 OException { 

PageContext pageContext = (PageContext) getJspContext(); 
JspWriter out = pageContext.getOut(); 

// Start the HTML <select> tag with HTML-specific attributes 



VES WC ^al\y 
Ao ^ -the iaa ' 
attribute setters. 



out.print (''<select ; 

// add mandatory attributes 

out•print(String•format(ATTR—TEMPLATE, ''name", this.name)); 

// add optional attributes 
if ( this.id != null ) 

out .print (String • format (ATTR—TEMPLATE, 、 'id’’，this . id)); 
if ( this.styleClass != null ) 

out .print (String • format (ATTR—TEMPLATE, ''class’’，this . styleClass)); 
if ( this.style != null ) 

out .print (String • format (ATTR—TEMPLATE, ''style’’，this . style)); 
if ( this.title != null ) 

out.print(String•format(ATTR—TEMPLATE, ''title", this.title)); 
if ( this.lang != null ) 

out .print (String • format (ATTR—TEMPLATE, 、 'lang’’，this . lang)); 
if ( this.dir != null ) 

out.print(String•format(ATTR—TEMPLATE, 、 'dir 〃， this.dir)); 


u , . m s 七 •lUore 乙 odrTk doTa^O -.st st，ll 

are \1 ^ so^ats = 七 ^ 今 — of & 成 


554 chapter 10 



custom tag development 


No, STOP, please! 
Thafs quite enough 
already. 


Ugh, look at all of 
those silly setter methods. 
Creating code like this is so 
tedious. There's got to be a 
better way, right? 



You’re right. This solution sucks. And it’s tons of code to 
keep up with. Worse, what if we want to create a suite of 
custom tags to augment other HTML tags?! 

The tag handler class must implement a setter method for 
each of the tag attributes declared in the TLD. But these 
setter methods aren’t really doing anything interesting. The 
values of these attributes are simply passed on to the output 
generated for the HTML 〈 select 〉 tag. 

We could apply an design principle: “Encapsulate that 
which varies/' In this case the set of optional HTML 
tag attributes is the thing that varies in this tag handler. 
One solution would be to put all of the attributes into 
a hashtable. This generalizes the tag object’s storage of 
attributes, but what about all these setter methods? We can’t 
get rid of them unless there’s a way to tell the JSP engine to 
set the tag attributes using a generic interface. 


来 This design p\r*mdiplc is discussed oy \ 
Wcad Fiirsi Objcfit-Ovichtcd Analysis 

Design oy \ Z%). 

dou\rsc, wc would hcvc\r shamelessly 
H u 9 如 other Head Fiv-st book, Vigh-t? 
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dynamic is more flexible 


Q O 



Didn*t you know?!?!? 

The JSP spec provides an 
API just for this purpose. 
The DynamicAttribute 
interface is all you need. 




You will not be tested on 
the method signature 
and definitely not on the 
purpose of the uri parameter. 

Hell, we don J t even know what it’s for. 
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custom tag development 


Our tag handler code using the 
PywamicAttributGs interface 


Let’s examine how DynamicAttributes looks in action. First, our 
tag handler class must implement the DynamicAt tributes interface 
from the JSP API. And that interface requires you to implement the 
setDynamicAttribute () method. This method needs to store the 
attribute name/value pairs; a hashmap is the perfect data structure to 
hold this information: 


package com.example.taglib; 

import java•io •工 OException; 
import j ava.util.HashMap; 
import j ava.util.List; 
import j ava.util.Map; 

import javax.servlet.j sp.JspException; 

import javax.servlet.j sp.JspWriter; 

import javax.servlet.j sp.PageContext; 

import javax.servlet.j sp.tagext.DynamicAttributes; 

import javax.servlet.j sp.tagext.SimpleTagSupport; 


/ -k-k 


* Version three of the HTML select tag uses the JSP 

* dynamic attributes mechanism to store all of the 

* pass-through HTML attributes in a hashmap. 


" 

public class SelectTagHandler 


extends SimpleTagSupport 


implements DynamicAttributes { ^ - - Ouv- tag ha^d!^ 七 —U ⑶ 


// store the 'optionsList /， attribute 
public void setOptionsList(List value) { 
this.optionsList = value; 

} 

private List optionsList = null; 

// store the 'name' attribute 




public void setName(String value) { 
this.name = value; 



private String name; \ 

// store all other (dynamic) attributes / 

public void setDynamicAttribute(String uri, Striorg name. Object value) { 

tagAttrs.put(name , value); / 

private Map<String,Object> tagAttrs = new HashMap<String,Object>(); 
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adding dynamic attributes 


The rest of the tag handler code 


The only thing left is the doTag () method. The only difference 
now is that the generation of the standard HTML 〈 select〉tag 
attributes are stored in the hashmap. The doTag () method must 
iterate over each entry in the map and generate the HTML attribute 
binding in the output stream. Everything else is the same. 

Pretty easy, huh? 


// generate the <select> and <option> tags 
public void doTag() throws JspException, 工 OException { 
PageContext pageContext = (PageContext) getJspContext(); 
JspWriter out = pageContext.getOut (); 

// Start the HTML <select> tag 
out .print (''<select ; 

// add mandatory attributes 

out.print(String•format(ATTR—TEMPLATE, ''name ”， this.name)); 



// add dynamic attributes 

for ( String attrName : tagAttrs.keySet() ) { 


String attrDefinition 

=String, format (ATTR—TEMPLATE, 

attrName, tagAttrs.get(attrName)) 



out. print (attrDefinition); 



// Generate the <option> tags from the optionsList 
for ( Object option : optionsList ) { 

String optionTag 

=String•format(OPTION—TEMPLATE, option.toString ()); 
out.println(optionTag); 

} 

// End the HTML </select> tag 
out .println </select >’’）； 

} // END of doTag method 

private static final String ATTR—TEMPLATE = 、 '%s= /r %s /r 
private static final String OPTION 一 TEMPLATE 
= '' <option value =, %l$s r > %l$s </option>",* 

} // END of SelectTagHandler 
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custom tag development 


OK, there is a little bit of 
configuration in the TIP 

Hah! You didn’t think the solution was only in code, did ya? Of course, 
there is an element of configuration required. Hey, it’s the JSP spec we’re 
talking about here. Fortunately, the change is painless. The element you 
need to include is named <dynamic-attributes>: 

<?xml version= 〃 l•0 〃 encoding= 〃 ISO-8859-l 〃 ?> 

<!DOCTYPE taglib 

PUBLIC ''-//Sun Microsystems, 工 nc.//DTD JSP Tag Library 1.2//EN” 
''http: //java, sun.com/j2ee/dtds/web-jsptaglibrary_l_2 .dtd’’> 

<taglib> 


<tlib-version>l.2</tlib-version> 

<jsp-version>l.2</jsp-version> 
short-name>Forms Taglib</short-name> 

<uri>http :// example.com/tags/forms</uri> 

〈 description 〉 

An example tab library of replacements for the HTML form tags. 
</description 〉 


<tag> 

<name>select</name> 

<tag-class>com.example.taglib.SelectTagHandler</tag-class> 
<body-content>empty</body-content> 

〈 description 〉 

This tag constructs an HTML form 'select 7, tag. It also generates 


the 'option' tags based on the set of items in a list passed in 
by the optionsList tag attribute. 

</description 〉 


<attribute> 

<name>optionsList</name> 

<type>java.util.List</type> 
<required>true</required 〉 
<rtexprvalue>true</rtexprvalue> 
</attribute 〉 

<attribute> 

<name>name</name> 
<required>true</required 〉 

</attribute 〉 


二 s 


<dynamic-attributes>true</dynamic-attributes> 

</tag> / 


</taglib> 
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invalid attributes 


^liereiqrejio 

Dumb Questions 


o ： 

You were using a Simple tag. Does 
this work with Classic tags, too? 


A I 

Yup, the DynamicAttributes 
interface can be implemented by a Classic 
tag in the same fashion as with a Simple tag. 
Even the configuration in the TLD file is the 
same. 

o ： 

Do dynamic attributes accept 
runtime expressions, like EL or <%= %> ? 


A i 

Zx 0 Absolutely. By default every 
dynamic attribute may use EL or JSP 
expression tags to specify the value of 
the attribute. In fact, did you notice that 
the data type of the value parameter 
of the setDynamicAttribute() 
method is Object, and not String? 
This means that the value can evaluate 
to any Java object. 

o ： 

What if I need to "compute” on data 
in a given dynamic attribute? 


A ! 

You can always inspect the name 
parameter and decide to perform some 
computation or transformation of the value 
of that attribute. But if you need that kind 
of functionality, then you should probably 
make that attribute explicit, and perform 
your computation in that attribute's setter 
method. 


o ： 

What happens if the custom tag 
user enters an attribute name that is 
invalid? 


A: 


This is the $64,000 question. 


Because the attribute names are 
not explicitly declared in the TLD, 
the JSP engine sends all other 
attributes to the tag handler using the 
setDynamicAttribute () method. 
The result is that the JSP author might 
mistype the name of a standard HTML 
attribute and never know it — at least 
until the browser failed to invoke the 


behavior of that attribute. So, the 
first solution Gary proposed (using 
explicit attributes with setters and TLD 
declarations) has merit. Gan you think 
of other reasons why Gary’s solution is 
better than Kim’s? 


FLEX YOUR hlHP 

Gary’s solution made all 
attributes explicit. Kim’s 
solution made most of the 
attributes dynamic. Both 
solutions have pros and cons 
there an alternate solution? 
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custom tag development 


What about Tag Files? 


Tag Files can also include dynamic attributes. The mechanism is 
basically the same, but with Tag Files the JSP engine provides the 
Map object for you. You can then inspect or iterate over that map of 
attribute/value pairs using the f orEach JSTL tag. 


Uds a V^asWa\>- 


<%@ tag body-content =/, empty f dynamic-attributes= , tagAttrs^ %> 

<%@ attribute name =, optionsList /， type =/ ， java.util. Li ： 

required= r true' rtexprvalue =' true' %: 

<%@ attribute name = r name 7, required = r true ' %> 

<%@ taglib uri =,, http : //j ava . sun . com/ j sp/j stl/corj ,r prefix=’’c" %> 



<select name= r ${name } r 

<c:forEach var="attrEntry” items=”${tagAttrs}”> 
${attrEntry.key} = A ${attrEntry.value }' 

</c : forEach 〉 


> 


<c : forEach var=’’option" items=’’$ {optionsList}’’> 
<option value = r ${option } r > ${option} </option> 
</c : forEach> 

</select> 


1 to : We 

' h atv.bu-tc ; s 

-the key o-P 

,A ； S 偏士 — 

f ” 化 e— is 

the value of the aUHbu-tc 


BULLET POINTS 



■ The DynamicAttributes interface allows the tag 
handler class to accept any number of tag attributes. 


■ 


■ 


The tag declaration in the TLD must include the 

〈 dynamic-attributes 〉 element. 

Explicit tag attributes must have a setter method. 


■ Typically, you will use a hashmap to store the 
dynamic attribute name/value pairs using the 

setDynamicAttribute () method. 


■ 


■ 


■ 


■ 


Tag Files may also use dynamic attributes. 

Use the dynamic-attributes attribute of the 
tag directive. 

The value of dynamic-attributes holds a 
hashmap of the dynamic attributes. 

Typically, you will use the JSTL f orEach custom 
action to iterate over this map. 
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BodyTag interface 


Put what if you PO need access to the body cowtcwts? 

You’ll probably find that most of the time the lifecycle methods from the Tag and 
IterationTag interfaces, as provided by TagSupport, are enough. Between the three key 
methods (doStartTag(), doAfterBody(), and doEndTag()), you can do just about anything. 

Except...you don’t have direct access to the contents of the body. If you need access to the 
actual body contents, so that you can, say, use it in an expression or perhaps filter or alter it 
in some way, then extend BodyTagSupport instead of TagSupport, and you’ll have access to 
the Body Tag interface methods. 

Extending BodyTagSupport 
gives you two move lifecycle 
methods froin flie BodyTag 
ixiterface-setBodyCoxitexitO 
and doInifBodyO- You can 
use iliese to do soinediing 

widitlie actual CONTENTS 

ofllie body of the tag used 
to invoke the Handler. 



int doEndTag() 

Tag getParentf) 
int doStartTag() 

void setPageContext(PageContext) 
void setParent(Tag) 
void release() 


Iteration 



interface 


〈〈 interface 〉〉 

IterationTag 


int doAfterBodyf) 



interface 




〈〈 interface 〉〉 

BodyTag 


void dolnitBody() 

void setBodyContent(BodyContent) 


K 




\ 




TagSupport class 




TagSupport 


int doAfterBodyf) 
int doStartTagf) 
int doEndTag() 

void setPageContext(PageContext) 
II more methods... 


\ 


S 

N ^BodyTagSupport class 


v 



int doStartTagf) 

BodyContent getBodyContent() 

void dolnitBodyf) 

void setBodyContent(BodyContent) 

II more methods... 
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custom tag development 


With PodyTag, you get two wgw methods 

When you implement Body Tag (by extending BodyTagSupport), you get 
two more lifecycle methods — setBodyGontent() and doInitBody(). You also 
get one new return value for doStartTag(), EVAL_BODY_BUFFERED. That 
means there are now three possible return values for doStartTag(), instead 
of the two you get when you extend TagSupport. 

Lifecycle for a tag that implements BodyTag 
(directly or by extending BodyTagSupport) 


return 

EVAL BODY BUFFERED 



setBodyContent() 


> 


doStartTag() 


return EVAL BODY INCLUDE 


return SKIP BODY 


doInitBody() 



Evaluate BObY 



return EVAL_BODY AGAIN 


’ r 


C 


doAfterBody() 


return SKIP BODY 


doEndTag() 


A change in the default return 
value for BodyTagSupport: 

doStartTagf) 

SKIP 一 BODY 

EVAL BODY INCLUDE 



AL BODY BUFFE 


|\(CY/ vcW^ valued « 七、七卜 
default U Ta— •七 J 



return SKIP PAGE 


return EVAL PAGE 


^^E^luate PA&E^^ 
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BodyTag and BodyTagSupport 


With PodyTag, you caw buffer the body 

The BodyGontent argument to setBodyGontent() is actually a 
type of java.io.Writer. (Yes, it’s OK to find that disturbing from an 
OO perspective.) But that means you can process the body by, say, 
chaining it to another IO stream or getting the raw bytes. 


o ： 

What happens if I return 
EVAL 一 BODY—BUFFERED even though the 
invoking tag is empty? 


A I 

The setBodyContentO and 
dolnitBodyO method will not be called 
if the tag invoking the handler is empty! 
And by empty, we mean that the tag was 
invoked using an empty tag <my:tag /> or 
with no content between the opening and 
closing tags <my:tagxmy:tag>. 


The Container knows there’s no body this 
time, and it just skips to the doEndTagO 
method, so this is usually not a problem. 


Unless the TLD declares the tag to have an 
empty body! If the TLD says 
<body-content>empty</body-content>, 
you don’t have a choice, and you must NOT 
return EVAL—BODY—BUFFERED or 
EVAL_BODY_INCLUDE from doStartTagO. 


0 ： 

What about attributes in a Classic 
tag? Are they handled the same way as 
with Simple tags? 


A • 

Yes, on the sequence diagram for 
both Simple tag handlers and Classic tag 
handlers, there was a place where bean- 
style setter methods are called for each 
attribute. This happens before a Simple 
tag’s doTagO or a Classic tag’s doStartTagO. 
In other words, tag attributes work in 
exactly the same way for both Classic and 
Simple tags, including the way in which 
they’re declared in the TLD. 


z 二:二 

using BodyTagSupport. 

=r 二崎 r 

X NOT extend ==:。二 N0T 

BUFFERED from 
r f% n jTao(j'And you should know the 

; interface, but thafs about it 


If the TLD for a tag declare 

Th 心⑶ 

ket m you!ta e g and TLdTsvT f ° ^ ° arefu, to 

^9 in the TLD to have <bodv cont/H 。， '^ ou dec lare a 
th f the ^ ^ absolutely NO 口 ==7_ 刎 _ 邮 > 
extendin 9 物咖二 BodyTag (or 
,n 'dementing Iteration Tao h, t S ° means ther ^ is no point 
extending TagSupport ut y ou ㈣ that automatically by 

& 产 _ 邮细 Tag() 
卿 /eme 咐 IterationTag or BodyTag. ^ ^ ^ eA? ,F ^ ^ 
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Lifecycle methods for Classic tag methods 

Fill in the chart below. We’ve covered almost everything you need to do this 
correctly, but you’ll have to guess in a few places. (Don’t turn the page!) 



BodyTagSupport 

TagSupport 

doStartTag() 

possible return values 



default return value from the 
implementation class 



Number of times it can be called 
(per tag invocation from a JSP) 



doAfterBody() 

possible return values 



default return value from the 
implementation class 



Number of times it can be called 
(per tag invocation from a JSP) 



doEndTag() 

possible return values 



default return value from the 
implementation class 



Number of times it can be called 
(per tag invocation from a JSP) 



dolnitBody() and 
setBodyContent() 

Circumstances under which they 
can be called, and number of 
times per tag invocation. 
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Classic tag lifecycle return values 



Answers 


Lifecycle return values for Classic tag methods 

You’re expected to know all of this for the exam! 



BodyTagSupport 

TagSupport 

doStartTag() 

possible return values 

BVAL_30VYJI^CLUVB 

m?J>0VV 

mLj>OVVjblCLUVB 

default return value from the 
implementation class 



Number of times it can be called 
(per tag invocation from a JSP) 

Exactly ov\tt 

Exactly oY\tt 

doAfterBody() 

possible return values 


^\?J>0VV 

錄 L—B0W—A_ 

default return value from the 
implementation class 


^IPJdOVY 

Number of times it can be called 
(per tag invocation from a JSP) 

Z-cv-o *to r^a^y 

Z^C\ro *to w\SY\y 

doEndTag() 

possible return values 


SWP__PA 砵 

default return value from the 
implementation class 

•一 PME 

BVALJ>A^B 

Number of times it can be called 
(per tag invocation from a JSP) 

ov\tc 

E>^ad*tly ot\Ct 

dolnitBody() and 
setBodyContent() 

Circumstances under which they 
can be called, and number of 
times per tag invocation. 

E 乂 ad*tly oY\tt, OblU/ i-f 

doS-tav-tTagO vc*tu\nr\s 

mLj>ovvj>^^v 

卿 ER! 
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What if you have tags that work together? 


Imagine this scenario...you have a <mine:Menu> tag that builds a custom 
navigation bar. It needs menu items. So you use a <mine:MenuItem> tag 
nested within the <mine:Menu> tag, and the menu tag gets ahold (somehow) 
of the menu items and uses those items to build the navigation bar. 



〈 mine:Menu > 

〈 mine:MenuItem itemValue=^Dogs " /> 
〈 mine:MenuItem itemValue=^Cats " /> 
〈 mine:MenuItem itemValue="Horses" /> 


</mine : Menu> 


The big question is, how do the tags talk to one another? In other words, 
how does the Menu tag (the enclosing tag) get the attribute values from 
the Menultems (the inner/nested tags)? 

Nested tags are used in several places in the JSTL; the <c:choose> tag, with 
its nested <c:when> and <c:otherwise> tags, is a good example. And you 
might need to use “cooperating tags” （ that’s how the spec says it) in your 
own custom development as well. 

Fortunately, there’s a mechanism for getting info to and from outer and 
inner tags, regardless of the depth of nesting. That means you can get 
info from a deeply nested tag out to not just the tag’s immediate enclosing 
tag, but to any arbitrary tag up the tag nesting hierarchy. 

- f^^rpen your pencil - 

Look at the Tag API, review the previous tag handler code, and think 
about how cooperating tags might get info to and from one another. 


〈〈 interface 〉〉 

Tag 


int doEndTag() 
Tag getParent() 
int doStartTag() 


void setPageContext(PageContext) 
void setParent(Tag) 
void releasef) 
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the getParentf) method 


A Tag caw call its PamitTag 

Both SimpleTag and Tag have a getParent() method. The getParent() in Tag 
returns a Tag, but the getParent() in SimpleTag returns an instance of JspTag. 
We’ll see the implications of those return types in a minute. 





〈〈 interface 〉〉 

SimpleTag 


〈〈 interface 〉〉 

Tag 

void doTag() 


int doEndTag() 

JspTag getParent() 


Tag getParentf) 

void setJspBody(JspFragment) 


int doStartTagf) 

void setJspContext(JspContext) 


void setPageContext(PageContext) 

void setParentfJspTag parent) 


void setParent(Tag) 



void releasef) 


A nested tag can access its parent (enclosing) tag 

<mine : OuterTag> , -p » 

〈 mine: InnerTag /> \v\ *tW»s vcl 3 *t>oy\sWi|>, ^ 

</mine : OuterTag> is pav •⑼* t of 13^ 


Getting the parent tag in a Classic tag handler 

public int doStartTag() throws JspException { 


OuterTag parent = (OuterTag) getParent() 

// do something with it 

return EVAL BODY INCLUDE; V. 

_ _ 


Getting the parent tag in a Simple tag handler 

public void doTag() throws JspException, 工 OException 

OuterTag parent = (OuterTag) getParent(); 

// do something with it 






a 
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Find out just how deep the nesting goes... 

You can walk your way up the ancestor tag chain by continuing to call 
getParent() on whatever is returned by getParent(). Because getParent() returns 
either another tag (on which you can call getParent()), or null. 

In a JSP 

<mine : NestedLevel> 

<mine : NestedLevel> 

<mine : NestedLevel/> 

</mine : NestedLevel> 

</mine : NestedLevel> 


In a Classic tag handler 

package foo; 

import j avax.servlet.j sp.*; 
import javax.servlet.j sp.tagext•*; 
import j ava.io.*; 

public class NestedLevelTag extends TagSupport { 
private int nestLevel = 0; 


public int doStartTag() throws JspException 
nestLevel = 0; 

Tag parent = getParent() ; q ^\\ 七 he 


^ { 

加 W 严七 () 一 . 


(-P i-t s hull, thch wcVc ai -the -top level, 
wc doh^-t have a pav-ch-t. 


while (parent!=null) { 

parent = parent.getParent(); 

nestLevel++; . p i» 

以；:^二⑶二 _ 



try 


pageContext. getOut () . print In (''<br>Tag nested level : '' - 
} catch ( 工 OException ex) { 

throw new JspException (''IOException- '' + ex . toString ()); 

} 

return EVAL BODY INCLUDE; 


nestLevel); 


Result 


to iliil 1.S b j Ntfd4«S C Ht Hm iTuiHfi - Itswt » 

Tag nested level: 0 
Tag nested level: 1 
Tag nested level: 2 
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Simple and Classic interaction 

Simple tags can have Classic parents 

This is not a problem, because a SimpleTag’s getParent() returns type 
JspTag, and Classic tags and Simple tags now share the JspTag super 
interface. Actually, Classic tags can have Simple parents, but it takes a 
slight hack to make that work because you can’t cast a SimpleTag to 
the Tag return value of the Tag interface getParent(). We won’t go 
into how to access a Simple tag parent from a Classic child tag*, but 
all you need to know for the exam (and almost certainly real web app 
life) is that by using getParent(), a Classic tag can access Classic tag 
parents, and a Simple tag can access either a Classic or Simple parent. 



Using ilie getParent() mediod, 
a Classic tag can access 
Classic tag parents, and a 
Simple tag can access eidier a 
Classic or Simple parent. 


In a JSP 

<mine : ClassicParent name= ,, ClassicParentTag ,, > 
<mine:Simplelnner / > 

</mine : ClassicParent> 




In the Simplelnner tag handler 

public void doTag() throws JspException, 工 OException { 

MyClassicParent parent = (MyClassicParent) getParent(); 

get JspContext () .getOut() . print (''Parent attribute is: '' 


|Vs 0^ U a Sw ? lcTa 3 b> 

ask *?饮 a Clasd 

+ parent.getName()); 


In the ClassicParent tag handler 

public class MyClassicParent extends TagSupport { 
private String name; 
public void setName(String name) { 


you have a you 

methods oh ，i like ahy dhey Java 




this.name=name; 

} 

public String getName() 
return name; 




public int doStartTag() throws 
return EVAL BODY INCLUDE; 


JspException { 

V 0U ^IP^OPV ， 

, Jv Will fee jessed! 


*lf you’re really curious, look at the 
TagAdapter class in the J2EE 1.4 API. 


570 chapter 10 
















custom tag development 


You caw walk up, but you caw't walk doww... 

There’s a getParent() method，but there y s no getChild(). Yet the 

scenario we showed earlier was for an outer <my:Menu> tag that needed 
access to its nested <my:MenuItem> tags. What can we do? How can the 
parent tag get information about the child tags, when a child can get a 
reference to the parent, but the parent can’t ask for a reference to the child? 



cf^^rpen your pencil 


How could a parent tag get attribute values from a child tag? 
Describe how you would implement the functionality of the 
cooperating Menu and Menultem tags. 
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&Gttmg iwfo from child to parent 

We have two main ways in which tags can cooperate with one another: 

1) The child tag needs info (like an attribute value) from its parent tag. 

2) The parent tag needs info from each of its child tags. 

We’ve already seen how the first scenario works — the child tag gets a 
reference to its parent using getParent(), then calls getter methods on the 
parent. But what happens when the parent needs info from the child? We 
have to do the same thing. In other words, if the parent needs info from the 
child, it’s the child’s job to give it to the parent! 

Since there’s no automatic mechanism for the parent to find out about its 
child tags, you simply have to use the same design approach to get info to 
the parent from the child as you do to get info from the parent to the child. 
You get a reference to the parent tag, and call methods. Only instead of 
getters, this time you’ll call some kind of set or add method. 


In a JSP 

<%@ taglib prefix= 〃 mine 〃 uri="KathyClassicTags 〃 %> 
<htmlxbody> 


〈 mine:Menu > 

〈 mine: Menu Item i temValue= ,, Dogs " /> 
〈 mine: Menu Item itemValue= 〃 Cats 〃 /> 
〈 mine:MenuItem itemValue="Horses" /> 
〈 /mine:Menu 〉 


</body></html> 


Result 


f^rsry 


]®(D© http://localhost:8080/tests/PageA.jsp 


IX! JIM l.S I 



Menu items are: [Dogs, Cats, Horses] 




572 


chapter 10 













Menu and Menultem tag handlers 


custom tag development 


In the child tag: Menultem 

public class Menultem extends TagSupport { 
private String itemValue; 

public void setltemValue (String value) 
itemValue=value; 


Mdm ps = 〜厂 V/V TWl s *»S 


Att\artd 


value 'wc sen 


public int doStartTag() throws JspException 
return EVAL BODY INCLUDE; 


public int doEndTag() throws JspException 

Menu parent = (Menu) getParent(); 
parent.addMenuItem(itemValue); 

return EVAL PAGE; 




In the parent tag: Menu 


public class Menu extends TagSupport { 
private ArrayList items; 

public void addMenuI'tem (String item) 
items.add(item); 


TW ,s u NOT a ， a ^ N ty!ot^a^ d 

} X)).) 

丨 -4 - m doSta^Ta^^) 

public int doStartTag () throws JspException { l IVp Avv3N 1 \ r 4-a'mCV- 

items = new ArrayList () ; ^^ ^ y>c rt^tA ^ 

return EVAL 一 BODY 一 INCLUDE; 

1 ^ ih : 卿-，峨 


k P^csscd^ 

public int doEndTag() throws JspException { 
try { 

pageContext. getOut () . println (''Menu items are : 、' + items) 
} catch(Exception ex) { 

throw new JspException (''Exception : '' + ex . toString ()); 


// imagine complex menu-building code here... 
return EVAL PAGE; 
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&Gttmg m arbitrary ancestor 


There is another mechanism you can use if you want to, say, skip some 
nesting levels and go straight to a grandparent or something even 
further up the tag nesting hierarchy. The method is in both TagSupport 
and SimpleTagSupport (although they have slightly different behavior), 
and it’s called findAncestorWithGlass(). 

Getting an immediate parent using getParent() 

OuterTag parent = (OuterTag) getParent(); 

Getting an arbitrary ancestor using findAncestorWithClass() 

WayOuterTag ancestor = (WayOuterTag) findAncestorWithClass(this, WayOuterTag.class); 


findAncestorWithClass(this, WayOuterTag.class); 




stavW W ^ U ^ ㈣ yo( 


，u 


The Container walks the tag nesting hierarchy until it finds a tag that’s 
an instance of this class. It returns the first one, so there’s no way to say 
“skip the first tag you see that’s an instance of WayOuterTag.class and give 
me the second instance instead...” So if you really know for a fact that 
you wanted the second instance of a tag ancestor of that type, you’ll just 
have to get the return value of findAncestorWithGlass(), and then call 
getParent() or findAncestorWithGlass() on it. 

You will not be tested on any details of using findAncestorWithGlass(). 

All you need to know for the exam is that it exists! 
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rcise 


Key differences between 
Simple and Classic tags 



Simple tags 

Classic tags 

Tag interfaces 



Support implementation 
classes 



Key lifecycle methods that 

YOU might implement 



How you write to the response 
output 



How you access implicit 
variables and scoped attributes 
from a support implementation 



How you cause the body to be 
processed 



How you cause the current 
page evaluation to STOP 




you are here ► 575 













differences between Simple and Classic 


Exercise 

Answers 

fey differences between 
simple and Classic tags 

Simple tags 

Classic tags 

Tag interfaces 

SimpIcTag JspTaj) 

Tag (cx>*tc^ds JspTag) 
l*tc\ra*tio^7a5 (c>^*tc^ds 7a^) 

BodyTaj l-tcv-atio^Taj) 

Support implementation 
classes 

SimpIcTajSuppov-t 

Ta^Suppovt (implcmc^*ts I'tcv-atio^Taj) 

BodyTajSuppov-t (c^tc^ds TajSuppov-t, 
implcmc^*ts BodyTaj) 

Key lifecycle methods that 

YOU might implement 

doTajO 

doS*ta\rtTagO 

doE^dlajO 

doA-ftcv-BodyO 

(a 灼 dl -fov Body Taj— 
do|^i*tBodyO a^d 
se*tBodyCcm 七⑶七 0) 

How you write to the response 
output 

) - 5C*t0u*t0.p\ri y\{\y\ 

(v\o *t\ry/ 的 ceded because Simplclag 

rwc*t^odis dedla\re 

pa3cCojrrtcx>*tyt0u*tO.p\r’nrrtln 
(y/v-apped *m d *tv-y/^atdh 

because Classic -tag rwethods do 

NOT dc^lav-c *thc IOBy>ce\>boJ) 

How you access implicit 
variables and scoped attributes 
from a support implementation 

lVi*th -the <\c*t ) method 
七 hat \rc*tuv^s d JspCo^*tc>^*t (whidh 
is usually a 

Mih payCwtevct implidii 

vdv-idble 一一 NOT d method like i 七 
is y/i*th Simplclagl 

How you cause the body to be 
processed 

jc*tv)spBodyO.*mvokc^ull) 

Rdm E\//\L__B0Dy__lKCLUDE -fv-om 
doS*ta\rt7ag0, or 

BVAL_BOVY_bUFFBRBV i-f 

dass implerwc 的七 s BodyTa^. 

How you cause the current 
page evaluation to STOP 

Throw a SkipPajcE^cptio^ 

Rc*tuvr\ S^|P__PA^£ -fv-orw 
doE^dTajO 
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Usmg the PagcCowtcxt API for tag handlers 


This page is just a review from what you saw in the Script-free JSPs chapter, but 
it comes up again here because it’s crucial for a tag handler. A tag handler class, 
remember, is not a servlet or a JSP, so it doesn’t have automatic access to a bunch 
of implicit objects. But it does get a reference to a PageGontext, and with it, it 
can get to all kinds of things it might need. 


Remember that while Simple tags get a reference to a JspGontext and Classic 
tags get a reference to a PageGontext, the Simple tag’s JspContext is usually 
a PageGontext instance. So if your Simple tag handler needs access to 
PageGontext-specific methods or fields, you’ll have to cast it from a JspGontext to 
the PageGontext it really is on the heap. 


JspContext 


getAttribute(String name) 
getAttribute(String name, int scope) 
getAttributeNameslnScope(int scope) 
findAttribute(String name) 
getOut() 

II more methods including similar 
II methods to set and remove attributes 
II from any scope 


△ 



PageContext 

APPLICATION_SCOPE 

PAGE_SCOPE 

REQUEST.SCOPE 

SESSION_SCOPE 

II more fields 

祕 6 _ 

getRequest() 

getServletConfig() 

getServletContext() 

getSession() 

^^hods {q 
㉟ 卜 p / 畊 

II more methods 



The one-arg 

getAttribute(String) is 

for page scope ONLY! 

There are TWO overloaded getAttribute() 
methods you can call on pageContext: 
a one-arg that takes a String, and a two-arg 
that takes a String and an int The one-arg 
version works just like all the others 
attributes bound TO the pa geC 0 n te= o=t. 
But the two-arg version can be used to get 
an attribute from ANY of the four scopes. 


findAttribute() looks in 
EACH scope starting 
with PAGE—SCOPE. 

^ can expect to be tested on this!! The 

getAttribute(Strmg) method looks ONLY in paoe 
ITfn 6, Wh ' ，e thG flndAtt _e(STRING) wifsearch 

r f 〒:二 ==== 
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iharpen your pencil 


Memorizing Tag Files 

ANSWERS 


① Fill in what would you must put into a Tag File to declare that the Tag has one required 
attribute, named “title”，that can use an EL expression as the value of the attribute. 

<%@ aiiribu-bc hame 二 ” rbc 乂 pwalue 二 ” *brue” %> 


(5) Fill in what would you must put into a Tag File to declare that the Tag must NOT have a body. 

<%@ body — 匕 %> 



( 3 ) Draw a Tag File document 
in each of the locations 
where the Container will 
look for Tag Files. 


WEB-NF 


This y/asjr/ 七 pa\rt 
*tKc e 乂 Wise, bu 七 i 七 
^ccds -fco be hc\rc- 


moreTags 


-roo.-ta^ 


•foota^ 


bav-.-tld 


•foo.-ta^ 


•foo.-ta^ 


Directly inside WEB-INF/tags 
Inside a sub-directory of WEB-INF/tags 


Inside the META-INF/tags directory inside 
a JAR file that’s inside WEB-INF/lib 


Inside a sub-directory of META-INF/tags 
inside a JAR file that’s inside 
WEB-INF/lib 

IF the tag file is deployed in a JAR, 
there MUST be a TLD for the tag file. 


578 chapter 10 














































custom tag development 



c 办尹尹在疙 


"TKoc^i Sxom QAopt&tiO 


How can a Classic tag handler instruct the container to ignore the remainder of 
the JSP that invoked the tag? 

(Choose all that apply.) 

O A. The doEndTag () method should return Tag. SKIP 一 BODY. 

Q B. The doEndTag () method should return Tag. SKIP 一 PAGE. 

Q G. The doStartTagO method should return Tag. SKIP BODY. 


□ D. The doStartTagO method should return Tag. SKIP PAGE. 


Which directives and/or standard actions are applicable ONLY 
within tag files? (Choose all that apply.) 

□ A. tag 
Q B. page 
口 G. jsp : body 
Q D. jsp: doBody 
Q E. jsp:invoke 
口 F. taglib 
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A medical website hides selective content from users who are not registered. In place 
of the hidden content, a message should display to encourage users to register. Given 


the Simple tag handler snippet: 

11. public int doTag() throws JspException, IOException { 

12 . String level = 

13 . (String) getJspContext () .findAttribute (''accountLevel^) 

14 . if ((level == null 丨丨 ''trial” • equals (level) )) { 

15. String price = '、？"； // TODO get context param 

16. String message = ''Content for paying members 


17. 

18. 

19. 

20 . 


only .<br/>’’+ 

、'<a href=〃register • jsp〃>Sign up now for only 

、 '+price+"!</a>"; 

getJspContext().getOut().write(message); 

} else { 

getJspBodyO . invoke (null); 


21 . 


22 . } 


At line 15, the price for registration should be retrieved from a context parameter 
named registrationFee, however there are no methods on JspGontext for retrieving 
context parameters. What can solve this problem? 

□ A. Retrieve the value with pageContext. getServletContext () 

.getlnitParameter (''registrationFee"); 

Q B. Cast the JspContext to type PageContext so that you can use the 
methods of PageContext to retrieve the context parameter. 

Q G. Retrieve the value with 

get JspContext () .findAttribute (''regis tr a tionFee"); 

Q D. Throw an exception to let the user know that the price could not be found. 
Q E. This is impossible with a Simple tag. A Classic tag must be used. 
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Which Simple tag mechanism will tell a JSP page to stop processing? 

Q A. Return SKIP_PAGE from the doTag method. 

Q B. Return SKIP_PAGE from the doEndTag method. 

Q G. Throw a SkipPageException from the doTag method. 

Q D. Throw a SkipPageException from the doEndTag method. 



Which are true about the Classic tag model? (Choose all that 
apply.) 

□ A. The Tag interface can only be used to create 
empty tags. 


Q B. The SKIP 一 PAGE constant is a valid return value of 
the doEndTag method. 


□ G. The EVAL 一 BODY 一 BUFFERED constant is a valid 
return value of the doAf terBody method. 


1^ D. The Tag interface only provides two values for the return 
value of the doStartTag method: SKIP_BODY and 
EVAL BODY. 


Q E. There are three tag interfaces — Tag, IterationTag, 
and BodyTag — but only two built-in base classes: 

TagSupport, and BodyTagSupport. 
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Which are true about the findAncestorWithClass method in 
the TagSupport class? (Choose all that apply.) 

□ A. It requires one parameter: A Class. 

Q B. It is a static method in the TagSupport class. 

Q G. It is a non-static method in the TagSupport class. 

Q D. It is NOT defined by any of the standard JSP tag 
interfaces. 

口 E. It requires two parameters: A Tag and a Class. 

□ F. It requires one parameter: A String representing the 

name of the tag to be found. 

Q G. It requires two parameters: A Tag and a String, 
representing the name of the tag to be found. 


7 


Which must be true if you want to use dynamic attributes for 
a Simple tag handler? (Choose all that apply.) 


Q A. Your Simple tag must NOT declare any static 
tag attributes. 

Q B. Your Simple tag must use the <dynamic-attributes> 
element in the TLD. 

Q G. Your Simple tag handler must implement the 

DynamicAttributes interface. 

Q D. Your Simple tag should extend the 

DynamicSimpleTagSupport class, which 
provides default support for dynamic attributes. 

Q E. Your Simple tag CANNOT be used with the 

j sp : attribute standard action, because this 
action works only with static attributes. 
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Which is true about tag files? (Choose all that apply.) 

Q A. A tag file may be placed in any subdirectory of WEB-INF. 

Q B. A tag file must have the file extension of . tag or . tagx. 

Q C. A TLD file must be used to map the symbolic 
tag name to the actual tag file. 

Q D. A tag file may NOT be placed in a JAR file in the 

WEB-INF/lib directory. 


Given: 


10 . 

11 . 

12 . 

13. 

14. 


public class BufTag extends BodyTagSupport { 
public int doStartTag() throws JspException { 
// insert code here 


Assume that the tag has been properly configured to allow body content. 

Which, if inserted at line 12, would cause the JSP code 

<my tags : mytag>BodyContent</mytags : my tag> to output 


BodyContent? 
□A. return 
Q B. return 
Q G. return 
□ D. return 


SKIP 一 BODY; 

EVAL 一 BODY 一 INCLUDE; 
EVAL 一 BODY 一 BUFFERED; 
BODY CONTENT; 
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A. A JspException is thrown. 

B. The null value is returned. 

G. A NullPointerException is thrown. 

D. An IllegalStateException is thrown. 


10 


Which about doAf terBody () is true? (Choose all that apply.) 

Q A. doAf terBody () is only called on tags 
that extend TagSupport. 

Q B. doAf terBody () is only called on tags 
that extend IterationTagSupport. 

Q G. Assuming no exceptions occur, doAf terBody () 
is always called after doStartTag () for any tag 
that implements I terationTag. 

Q D. Assuming no exceptions occur, doAf terBody () is 

called after doStartTag () for any tag that implements 

I terationTag and returns SKIP BODY from doStartTag () 


Q E. Assuming no exceptions occur, doAf terBody () is called after 

doStartTag () for any tag that implements I terationTag and 
returns EVAL_BODY_INCLUDE from doStartTag (). 


11 


Given a JSP page: 


1. <%@ taglib prefix:"my ; 

2. <my:tagl> 

3 . <% —一 JSP content — 一 ％ > 

4. </my:tagl> 


uri="/WEB-INF/myTags.tld" %> 


The tag handler for my : tagl is TaglHandler and extends TagSupport. 

What happens when the instance of TaglHandler calls the getParent 
method? (Choose all that apply.) 


□ □ □ □ 
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H Which is true about the lifecycle of a Simple tag? 
U (Choose all that apply.) 


Q A. The release method is called after the doTag method. 

Q B. The setJspBody method is always called before the 
doTag method. 

Q G. The setParent and setJspContext methods are called 
immediately before the tag attributes are set. 

Q D. The JspFragment of the tag body is invoked by the Container 
before the tag handler’s doTag method is called. This value, a 
BodyContent object, is passed to the tag handler using the 

set JspBody method. 


13 


Given: 


10 . 

11 . 

12 . 

13. 

14. 

15. 

16. 
17. 


public class ExampleTag extends TagSupport { 
private String param; 

public void setParam (String p) { param = p; } 
public int doStartTag() throws JspException { 
// insert code here 
// more code here 


Which, inserted at line 14, would be guaranteed to assign the value of the request-scoped attribute 
param to the local variable p? (Choose all that apply.) 


□ A. 

□ B. 

□ G. 

□ D. 

□ E. 


String p 
String p 
String p 
String p 
String p 


=findAttribute (''param"); 

=request.getAttribute (''param"); 

=pageContext. findAttribute (''param"); 

=getPageContext () . findAttribute (''param"); 

=(String) pageContext. getRequest () . getAttribute (''param A, ); 
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Which are valid method calls on a PageContext object? 

(Choose all that apply.) 

Q A. getAttributeNames () 

□ B. getAttribute (''key") 

□ G. findAttribute(' 、 key") 

□ D. getSessionAttribute () 

口 E. getAt tributes Scope (''key^) 

口 F. findAttribute (''key", PageContext • SESSION—SCOPE) 
Q G. getAttribute (''key”，PageContext • SESSION 一 SCOPE) 


Which is the most efficient JspContext method to call to access an 
attribute that is known to be in application scope? 

Q A. getPageContext() 

口 B. getAttribute(String) 

口 G. findAt tribute (String) 

Q D. getAttribute(String, int) 

口 E. getAt tributes Scope (''key") 

Q F. getAttributeNamesInScope (int) 
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What is the best strategy, when implementing a custom tag, for finding 
the value of an attribute whose scope is unknown? 

Q A. Check all scopes with a single 

pageContext. getAttribute (String) call. 

Q B. Check all scopes with a single 

pageContext.findAttribute (String) call. 

Q G. Check each scope with calls to 

pageContext.getAttribute(String, int). 

□ D. Call pageContext. getRequest() . getAttribute (String ) ， 

then call pageContext. getSession () • ge tAt tribute (String), 

and so on. 

□ E. None of these will work. 


Given a tag, simpleTag, whose handler is implemented using the Simple tag model 
\J and a tag, complexTag, whose handler is implemented using the Classic tag model. 
Both tags are declared to be non-empty and non-tag dependent in the TLD. 

Which JSP code snippets are valid uses of these tag? (Choose all that apply.) 

□ A. <my : simpleTag> 

<my : complexTag /> 

</my : simpleTag> 

Q B. <my : simpleTag> 

<%= displayText %> 

</my : simpleTag> 


Q G. <my : simpleTag> 

<%@ include file=^/WEB-INF/web/common/headerMenu.html 
</my : simpleTag> 

Q D. <my : simpleTag> 

<my : complexTag 〉 

<% i++; %> 

</my:complexTag> 

</my:simpleTag> 


%> 
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Which are true about the Tag File model? (Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 

□ 

F. 


Each tag file must have a corresponding 
entry in a TLD file. 

All directives allowed in JSP pages are allowed 
in Tag Files. 

All directives allowed in Tag Files are allowed in 
JSP pages. 

The < j sp : doBody> standard action can only be 
used in Tag Files. 

The allowable file extensions for Tag Files are . tag 

and . tagx. 

For each attribute declared and specified in a Tag File, 
the container creates a page-scoped attribute with the 
same name. 


19 


Which are valid in tag files? (Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


<jsp : doBody /> 

<jsp: invoke fragment:’’frag" /> 

<%@ page import= A, java.util.Date A, %> 

<%@ variable name-given:"date" 

variable-class= A, java.util.Date^ %> 

<%@ attribute name="name" value="blank" 
type=〃j ava.lang.String" %> 


20 


Which returns the enclosing tag when called from within a tag handler class? 
(Choose all that apply.) 

□ A. getParent() 

Q B. getAncestor() 

□ C. findAncestor () 

□ D. getEnclosingTag() 
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Given a web application structure: 

21 

/WEB-INF/tags/mytags/tagl.tag 
/WEB-INF/tags/tag2.tag 
/WEB-INF/tag3.tag 
/tag4.tag 

Which tags could be used by an appropriate taglib directive? 
(Choose all that apply.) 


A web application includes many forms for users to fill out and submit. Nothing 
in the pages indicates that a field is required. Business decided that a red asterisk 
should be placed preceding the text labels of required fields but the project 
manager is contending that the background color of required fields be light blue 
and another department is demanding that the project’s application be consistent 
with their own, where the text of the labels be bold for required fields. 

Considering the different perspectives on how required fields could be identified 
in pages, choose the most maintainable usage of a custom tag. 


□ A. 


□ 

□ 


B. 

G. 


<cust : requiredIcon/>First Name : <input type= n text" 
name="firstName"/> 

<cust : textField label="First Name" required:" true▼▼/> 


<cust : requiredField color="red" symbol ： 
label="First Name"/> 


* 


□ D. 


<cust:required 〉 

First Name : <input type= n text' 
</cust : required 〉 


name= "firs tName "/> 


c. c. c. c- 

aaaa 

t t t t 

•••• 

12 3 4 

gg-gg 

aaaa 

t t t t 

A.B.d D. 

□ □ □ □ 
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^ ^ ! ! ! ( )cp v2-.0 2 -- 弓夂） 

How can a Classic tag handler instruct the container to ignore the remainder of 

the JSP that invoked the tag? 

(Choose all that apply.) . ^ ^ mVa \\d because tW»s 

□ A. The doEndTag () method should return Tag • SKIP_BODY. U a vdV»ci vaWc Arov- 

一 AoUATa^O. 

B. The doEndTag () method should return Tag .SKIP PAGE. 


Q G. The doStartTagO method should return Tag. SKIP BODY. 


□ D. The doStartTagO method should return Tag. SKIP PAGE. 


-Option C is'mvalid because i*t 

oY\\y causes *thc body of *thc 
tag to be skipped. 

-外十 D i s invalid bemuse -this 


Which directives and/or standard actions are applicable ONLY 
within tag files? (Choose all that apply.) 

A. tag — Of*tioir> is valid (pj I 一 l?1). 


(JSPvZ .0 «.5 ( M i - IT)) 
JSP vZ.O scd*tioh * 5 .|| 

JSP vZ.O sc£.*tioh 5.1 Z 
JSP vZ.O sc£.*tioh 5.1 冬） 


Q B. page 
口 C. j sp : body 
D. jsp : doBody 


-Oftioh d is mvalid because the diirc^ivc is 
於 ever allov/ed m a *t33 f 心 （ P9 I 一门 1). 

-Option C is mvalid because the js^body 

己扣 affcav* m EITHER a *b3^ Q}r 

一 Op*tior> D is valid I-IZI). 


5^ E. jsp:invoke 
口 F. taglib 


-Opiioh B is valid % I - II”). 

—Oftioh F is invalid bedduse *thc *td^lib diircd*tivc 
cav\ appear m EITHER a tag -file ov- JSP. 
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A medical website hides selective content from users who are not registered. In place 
of the hidden content, a message should display to encourage users to register. Given 
the Simple tag handler snippet: 

11. public int doTag() throws JspException, IOException { 


12. 

String level = 


13. 


(String) get JspContext () . findAttribute ('' accoun tLevel 

14. 

if ((level == null 丨丨 、 'trial 〃 . equals (level))) 

{ 

15. 


String price = '、？"； // TODO get context param 

16. 


String message = ''Content for paying members 

only.<br/>"+ 

17. 


、'<a href=^register. jsp A, >Sign up now for 

、 '+price+"!</a>"; 

only 

18. 


getJspContext().getOut().write(message); 


19. 

} 

else { 


20. 


getJspBodyO . invoke (null); 


21. 

} 



22. } 





At line 15, the price for registration should be retrieved from a context parameter 
named registrationFee, however there are no methods on JspGontext for retrieving 
context parameters. What can solve this problem? 

□ A. Retrieve the value with pageContext. getServletContext () 

.getlnitParameter (''registrationFee A, ); 

B. Cast the JspContext to type PageContext so that you can use the 
methods of PageContext to retrieve the context parameter. 

Q G. Retrieve the value with 


va\riable is or>ly available *to 
Classid 

B Covv-ct*t. 1/Vc 

n\cr\hoY\tA U av>d you 
y/o〆 七 Y\tt& *to ky>oy/ i*t 

-tKc bu*t rt 眯 1 #七 dome 

•m ^dr>dy m *tKc veal Yiorld! 

C Rcw'Crwbcv, 

y/cVc r\o*t lookm^ a 灼 


□ D. 

□ E. 


get JspContext () . findAt tribute (''registrationFee A, ); 


atbribu 七 e, v/cVc lookup 
-fov a do 士乂七 


Throw an exception to let the user know that the price could not be foun 紗 p Dor /七 give up so 

easily/ W\i\\ dcic\rm*maiio^ you 

This is impossible with a Simple tag. A Classic tag must be used. 如 ^ ^ ^ood solution. 


-Optioh E is hot impossible, just tv-idky. 
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Which Simple tag mechanism will tell a JSP page to stop processing? 


(JSP vi.0 


se 出挪 I 认 1) 


□ A. Return SKIP 一 PAGE from the doTag method. 


□ B. Return SKIP_PAGE from the doEndTag method. — Option B is mvalid because 3 Simple 

-taj does y\o{, have the 
CVCrrt method. 

G. Throw a SkipPageException from the doTag method. 

-Option P is invalid because a 
Sir^plc does y\o{, have *thc 

do^dlag cvc^t method. 




Q D. Throw a SkipPageException from the doEndTag method. 


( ,»s 


出 o” s 


Which are true about the Classic tag model? (Choose all that 
apply.) 

Q A. The Tag interface can only be used to create -Oftioh A is mvdlid because ihc Taj 

empty tags. 




sufforb -tags >wi*th a body, ku-t Y ou 
itevate or ^a'm atetss *to the body 


B. The SKIP 一 PAGE constant is a valid return value of 
the doEndTag method. 


□ G. The EVAL 一 BODY 一 BUFFERED constant is a valid 
return value of the doAf terBody method. 

Q D. The Tag interface only provides two values for the return 
value of the doStartTag method: SKIP—BODY and 
EVAL BODY. 


4 


—Option C is mvdlid bc£-3usc 

doA*f*bcv-Body Ol^ly V"C*buV"Jr> 
^\?J> 0 V\oy 

-Option P is 'mvalid because doS*tartTa<\ 

v-c*cumr\s SKIP BODY 

BVAL_B0V7JhlCLUVB. 


E. There are three tag interfaces — Tag, IterationTag, 
and BodyTag — but only two built-in base classes: 

TagSupport, and BodyTagSupport. 
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Which are true about the findAncestorWithClass method in 
the TagSupport class? (Choose all that apply.) 


(JSP n. 


rM') 


□ 

A. 


B. 


G. 

M 

D. 


E. 

□ 

F. 

□ 

G. 


It is a static method in the TagSupport class. 

It is a non-static method in the TagSupport class. 

It is NOT defined by any of the standard JSP tag 
interfaces. 


-Oftioyv C is mvdlid because the 
method is static. 


It requires two parameters: A Tag and a Class. -Opt.or>s A a^d F invalid bc^us 

It requires one parameter: A String representing the "the method -takes iv/o 
name of the tag to be found. 


It requires two parameters: A Tag and a String, 6 * 

representing the name of the tag to be found. is ^ C\^ 




(JSP vZ.O sc£.*bioh I 

Which must be true if you want to use dynamic attributes for 門 $ 2 •:? 午刀 5) 

a Simple tag handler? (Choose all that apply.) 

A *«s mvalid because you 

LJ A. Your Simple tag must NOT declare any static have both statk 扣 d d^\c 

tag attributes. attv">bu*bcs m a Simple 

B. Your Simple tag must use the <dynamic-attributes> 
element in the TLD. 


G. Your Simple tag handler must implement the 

DynamicAttributes interface. 

-Optioh D is ihvalid bemuse £hcv-c is 

Q D. Your Simple tag should extend the ho sudh hclpcv- dlass m buil*t—*m 

DynamicSimpleTagSupport class, which APIs, 
provides default support for dynamic attributes. 


□ E. 


Your Simple tag CANNOT be used with the 
j sp : attribute standard action, because this 
action works only with static attributes. 


-Optioh E is invalid bedause you 
allowed io use the jsp ： attv-ibutc 
with dyhdrv\id 


a\rc 

adtioh 
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Which is true about tag files? (Choose all that apply.) 




n A is mvalid because *ta<\ -file 


Q A. A tag file may be placed in any subdirectory of WEB-INF. r^us-t be placed u^dev" 七 he 

•tay div-cd-fcovy* 


t *ta^ 
iA/EB- 


s 


INF/ 


a/ 


B. A tag file must have the file extension of . tag or • tagx. 一外七 ▲ g is | 厲 8 • 午 .1). 


□ C. A TLD file must be used to map the symbolic 

tag name to the actual tag file. 一 Option C is 'mvalid bedause -taj f\\cs ^ay be 

disdovc\rcd by the dohtaihCV- ih scvcv-al wcll-khowh 
lodaiiohS. This doh*taihC\r -fca*tu\rc is optiohal- 

Q D. A tag file may NOT be placed in a JAR file in the 

WEB-INF/lib directory. 


Given: (JSP AO P«) 

10. public class BufTag extends BodyTagSupport { 

11. public int doStartTag() throws JspException { 

12. // insert code here 

13. } 

14. } 

Assume that the tag has been properly configured to allow body content. 

Which, if inserted at line 12, would cause the JSP code 

<mytags :mytag>BodyContent</mytags :mytag> to output 
BodyContent? 

□ A. return SKIP 一 BODY; 

Ef B. return EVAL 一 BODY 一 INCLUDE; 

□ C. return EVAL BODY BUFFERED; - Option C is mvalid bc^usc it divots the body o-P 

■ NT . 七 k to a buHcv- v/hidh this iaj does ^o*t pv-odcs ： 

-Optioh D is ihvalid bedause ihis is 
⑽七 3 valid \rciu\rh dodc. 


—Option A ,s i^vdlid bcd^usc i*t dauscs 
body o( the taa *to be sk.ffcd. 


□ D. return BODY CONTENT 
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A. A JspException is thrown. -Option ?> dov*\rc£.*t ^ 

严 严 aciPa\rc^t method docs ^ot throw a^y 

B. The null value is returned. 

G. A NullPointerException is thrown. 

D. An IllegalStateException is thrown. 


Which about doAfterBody () is true? (Choose all that apply.) 


(J£P vZ.0 門 . I-I5Z) 


□ A. doAfterBody () is only called on tags 

that extend TagSupport. (teva VTa 9 

口 B. doAfterBody () is only called on tags d is mvalid because there is 

that extend I terationTagSupport. dlass. 


G. Assuming no exceptions occur, doAfterBody () 
is always called after doStartTag () for any tag 
that implements I tera tionTag. 


Q D. Assuming no exceptions occur, doAfterBody () is 

called after doStartTag () for any tag that implements 

IterationTag and returns SKIP BODY from doStartTag (). 




-OftiohS C ar>d P a\rc mvalid 

bedduse doA*f*tcv-BodyO is oir>ly 
called >whcr\ doS*ta\rtrrtuv^s 

mL BODY INCLUDE. 


E. Assuming no exceptions occur, doAfterBody () is called after 
doStartTag () for any tag that implements I terationTag and 
returns EVAL 一 BODY 一 INCLUDE from doStartTag (). 


Given a JSP page: 


1. <%@ taglib prefix:"my' 

2. <my:tagl> 

3. <%-- JSP content --%> 

4. </my:tagl> 


uri="/WEB-INF/myTags.tld" %> 


(JSP vi-0 Ta^>\>ort 
API -州 


The tag handler for my : tagl is TaglHandler and extends TagSupport. 

What happens when the instance of TaglHandler calls the getParent 
method? (Choose all that apply.) 


□ya □ □ 
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Which is true about the lifecycle of a Simple tag? 
(Choose all that apply.) 


(JSP vZ.O scdtioh 

門 s 2 •-80/ 的） 


□ 


A. The release method is called after the doTag method. 


-Oftioh A is mvalid because a 
Si—c -ba^ has v\o v-clcasc method. 


Q B. The setJspBody method is always called before the 
doTag method. 

I^T G. The setParent and setJspContext methods are called 
immediately before the tag attributes are set. 


-Optioh B is ihvalid bemuse ihe 

sctJspBody is hot called i? -the 

Simple is ah cmp*ty 


Q D. The JspFragment of the tag body is invoked by the Container 
before the tag handler’s doTag method is called. This value, a 
BodyContent object, is passed to the tag handler using the 

set JspBody method. 


-Opiioh P is ihvalid bedause 
*tKc is ihVokcd by the 

dolaj i 叶 lei^ehtatioh, I^IOT 
bc+o\rc tKc dolaj is dal led. 
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Given: 


10. public class ExampleTag extends TagSupport { 


11 . 

12 . 

13. 

14. 

15. 

16. 
17. 


private String paramo- 

public void setParam (String p) { param = p; } 
public int doStartTag() throws JspException { 
// insert code here 
// more code here 


(JSP vZ.0 2-2/?) 


Which, inserted at line 14, would be guaranteed to assign the value of the request-scoped attribute 
param to the local variable p? (Choose all that apply.) 


□A. String p 
口 B. String p 
口 G. String p 
□ D. String p 
Im E. String p 


findAttribute (''param"); 


A mval'id because 

is y\o s\aC\\ mC"bV\od- 


-Option 3 is mvalid because *»s 

request.getAttribute (''param") ; variable. 


-Option C is 'mvdlid be 乙 ause a” 

pageContext .findAttribute (''param^) ; m sdopc would be 

Luhd be 心 re dhcdkmj sdofc- 

getPageContext () • findAttribute (''param") ; -0yhot\ D is invalid bcdausc 

"thcirc is ho ytRajcCoh-tcx-fcO 
method. 

(String) pageContext. getRequest() . getAttribute (''param"); 
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Which are valid method calls on a PageContext object? 
(Choose all that apply.) 


(JSP ^ ° l 一 O 



getAttributeNames () 

getAttribute (''key") A a^d P avc \^a\\A 

findAttribute (''key") because thcvc avc methods 

Vrth these 

getSessionAttribute() 
getAttributesScope (''key ”） 

findAttribute (''key” ， PageContext. SESSION_SCOPE) 
getAttribute (''key" , PageContext. SESSION SCOPE) 


-Oftioh F is invalid because 

-Pmd) does 灼 o*t 

have a stoyt favametev. 
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(JSP vZ O ^ 


% -伯 


Which is the most efficient JspContext method to call to access an 
attribute that is known to be in application scope? 

□ A. getPageContext () 一七 ••咖 is mvalid because 七 h 吖 e is ⑽ sudh method. 

□ B. getAttribute (String) -Option B is 'mval'id because this mc*thod o^ly 

looks m fay sdofc- 

□ C. findAttribute (String) 一外七 “ c is iywa | id because this ^cihod would be less 

*tha^ Option D bedduse i*t -piv-s-t dhcdks o*thc\r *thv-cc sdopcs. 

I^T D. getAttribute (String, int) 


□ E. getAttributes Scope (''key A, ) j ^ IS mv ^id bcdausc ho su^h 

method exists. 

□ F. getAttributeNamesInScope (int) - 外今 •<>，P ’s mvalid bcdausc i*t v/ould be o^ly 

ii\rst s*tcp m d pvodcss 七 ha 七 would be less 

Option D. 
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； ； (js? vi.O 行 

What is the best strategy，when implementing a custom tag, for finding 

the value of an attribute whose scope is unknown? 

□ A. Check all scopes with a single —Option A ,s ^ v alid this 

, pageContext. getAttribute (String) call. methodi o^ly the fajc sdopc- 

MB. Check all scopes with a single 

pageContext.findAttribute (String) call. 

口 C. Check each scope with calls to 

pageContext.getAttribute(String, int). 

□ D. Gall pageContext. getRequest() . getAttribute (String), 

then call pageContext. getSession () . getAttribute (String), 

and so on. 

□ E. None of these will work. 


>23) 


-Options C P avc 
'mvalid because -they avc 

less simply 


•irr Given a tag, simpleTag, whose handler is implemented using the Simple tag model 
1 秦 and a tag, complexTag, whose handler is implemented using the Classic tag model. 
Both tags are declared to be non-empty and non-tag dependent in the TLD. 


(JSP vZ.0 l.l.t 
^ I - 1 弘） 


Which JSP code snippets are valid uses of these tag? (Choose all that apply.) 


1^ A. <my : simpleTag> 

<my : complexTag /> 
</my : simpleTag> 


-Oftioh h ^ torrtd] d Simflc ^ ^ay \uWdt 
a Comflc% -taj ^ the body as as that taj 
do^*ta*ms v\o sdviftmj Code 


Q B. <my : simpleTag> 

<%= displayText %> 
</my : simpleTag> 


-Option B is mvalid because simple ta^s 
have a body that mdludcs a JSP c^rcssioh tag 


^ G. 


□ D. 


<my : simpleTag> 

<%@ include file=^/WEB-INF/web/common/headerMenu. html A, %> 

</my : simpleTag> 

-Optioh C is do\r\rcdjt because *thc ihdludc di\rcd*tivc is pv-odcsscd 
bc+o\rc *thc body o+ *thc simplclaj is dohveirted 'mio a 
hov/cvcv-, ihdludcd dohtchi must also be hOh-sdv-ipiihj (v/hidh is 

why this cample ihdludcs dh HTML scgmchi). 


<my:simpleTag> 

<my:complexTag 〉 
<% i++; %> 
</my:complexTag> 
</my : simpleTag> 


-Option D is hoi mvalid because o-P the domfloclaj 
usage (as ih Op*tioh bu*t because *thc 
body has sdv-ip*t*mj CoAt *m it 
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Which are true about the Tag File model? (Choose all that apply.) 


"(JSP W 


.m) 


□ A. Each tag file must have a corresponding ^ be 5 d 

entry in a TLD fde. " oX Jbe used- 

Q B. All directives allowed in JSP pages are allowed q Xj oy ^ g - |S invalid bedduse the paag 

in Tag Files. d*Jcd*tivc is available m la^ r iles. 

Q G. All directives allowed in Tag Files are allowed in ±. /% .. ... , , 

TSP Dages -Opt.oh C .S mval.d because the ia^ 

JPg. attribute, a»d vav-iablc divedtives av-c 

0 D. The < j sp: doBody> standard action can only be ho 七 available ih JSP pajes. 

used in Tag Files. 

E. The allowable file extensions for Tag Files are . tag 

and . tagx. 

S3 F. For each attribute declared and specified in a Tag File, 
the container creates a page-scoped attribute with the 
same name. 


Which are valid in tag files? (Choose all that apply.) 


(JSP vU) n. 


\W 


^ A. <j sp : doBody /> 

0^ B. <j sp : invoke fragment: 〃 frag 〃 /> 

Q G. <%@ page import=^ java. util. Date * A, %> 

D. <%@ variable name-given="date" 
variable-class= 〃 java.util.Date" %> 

□ E. <%@ attribute name="name" value="blank" -Opiioh E is ihvalid bc^usc *thcv-c is 

type="java.lang. String" %> ho value atiribuic dc-f'mcd (or the 

dive^tive. 


- C is mvalid because the 阿 
diV"Cd*twc is ^o*t valid … 


Which returns the enclosing tag when called from within a tag handler class? 
(Choose all that apply.) 

A. getParent () A is do\rv-cd*tj it is 

□ B. getAncestor() the o^ly the methods 

i—^ shown *tn3*t exists. 

U C. findAncestor () 

□ D. getEnclosingTag() 


(JSP AO 朽 . 
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mock answers 


tagl.tag 
tag2.tag 
tag3.tag 
tag4.tag 


-Options C a^d P a\TC mvalid k^ausc laj -files 

— be d 


div-cd-fcov-y 


21 


Given a web application structure: 


(JSP n. 


. 门 W 


/WEB-INF/tags/mytags/tagl.tag 
/WEB-INF/tags/tag2.tag 
/WEB-INF/tag3.tag 
/tag4.tag 


Which tags could be used by an appropriate taglib directive? 
(Choose all that apply.) 


A web application includes many forms for users to fill out and submit. Nothing 
in the pages indicates that a field is required. Business decided that a red asterisk 
should be placed preceding the text labels of required fields but the project 
manager is contending that the background color of required fields be light blue 
and another department is demanding that the project’s application be consistent 
with their own, where the text of the labels be bold for required fields. 

Considering the different perspectives on how required fields could be identified 
in pages, choose the most maintainable usage of a custom tag. 


□ A. 

^ B. 

□ G. 

□ D. 


<cust : requiredIcon/>First Name : <input type="text" 
name="firs tName "/> 

<cust : textField label="First Name" required:’’true n /> 

<cust : requiredField color="red" synibol="*" 
label= n First Name"/> 

<cust:required 〉 

First Name : <input type= n text n name= "firstName n /> 
</cust:required 〉 


(JSP vXO 


—Optioh would y/o\rk i-f you 

khew that the \rc^ui\rcd -field 
would always be marked with 
a symbol av\d the 

° hl y potchtial would be 

the idchti-fic\r used- Evch still, 
it would be just as simple h> 
use -tag swap out a 

idoh ih ah images dived-tovy. 

-Option 3 >s mos*t -flexible 
solution- YouV dus*torw 七 3^ is 

-full tor\*tvol -fov dor\s*tvuttm 5 *tKc 

label Bv\d -field ar\d iioy/ 

*t\icy should be displayed- 


P : i*t v/ould be possible *to do 七 iii 呼 

■tins y/3y bu*t youv £>l3ss *^3^ 

y/ould V^avc *to pavsc *tKc body ar\d ma^ifula-tc 


-Op-tioh C' spc^i-Pyi h g a to\oY 
ahd symbol ih the tag is ah 
uhsa-tis-Pad-to\ry solution as a 
■to Cithc\r o-p these values would 

^*\u*nrc you b> update the values of 
cvc\ry -bg ih cvcv-y JSP. 
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11 web app deployment 


Deploying your web app 



Finally, your web app is ready for prime time. Your pages are 

polished, your code is tested and tuned, and your deadline was two weeks ago. 
But where does everything go? So many directories, so many rules. What do you 
name your directories? What does the client think they’re named? What does the 
client actually request, and how does the Container know where to look? How do 
you make certain that you don’t accidentally leave out a directory when you move 
the whole web app to a different machine? What happens if the client requests a 
directory instead of a specific file? How do you configure the DD for error pages, 
welcome files, and MIME types? It’s not as bad as it sounds... 


this is a new chapter 
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official Sun exam objectives 




Web Application Deployment 


Coverage Notes: 


2.1 Construct the file and directory structure of a web 
application that may contain (a) static content, (b) 
JSP pages, (c) servlet classes, (d) the deployment 
descriptor, (e) tag libraries, (f) JAR files, and (g) 
Java class files. Describe how to protect resource 
files from HTTP access. 


This objective has been covered throughout the 
book in other chapters, so most of the content in 
this chapter related to this objective is either for 
review or to look at something in a little more 
detail. 


2.2 Describe the purpose and semantics for each of 
the following deployment descriptor elements: 
error-page, init-param, mime-mapping, servlet, 
servlet-class, servlet-mapping, servlet-name, and 
welcome-file. 

2.3 Construct the correct structure for each of the 
following deployment descriptor elements: 
error-page, init-param, mime-mapping, servlet, 
servlet-class, servlet-name, and welcome-file. 


Objectives 2.2 and 2.3 focus mainly on picky 
XML tag details related to the Deployment 
Descriptor. While this is probably the least fun 
part of the book (and the exam), most of this 
content is easy to understand and it’s just a 
matter of memorizing the tags. 

There is one tricky part, though, and we’ll spend 
most of our time on it — servlet mapping. 


2.4 Explain the purpose of a WAR file and 

describe the contents of a WAR file and how 
one may be constructed. 


6.3 Write a JSP Document (XML-based syntax) 
that uses the correct syntax. 


We decided to stick this objective into this chapter 
for two reasons: 1) most of this chapter has to 
do with XML, and 2) we didn’t want to add 
anything else into the JSP chapters. We decided 
it was better for you to concentrate more on the 
syntax and behavior of all the other parts of 
JSP, rather than also worrying about the XML 
versions of everything. But now thatyou^re,you 
know, an expert... we figure you can handle it. 
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The Joy of deployment 

We’ve covered most of the fun stuff, but now it’s time for a 
more detailed look at deployment. 

In this chapter, you need to think about three main issues: 


① Where do YOU put things in the web app? 

Where do you put static resources? JSP pages? Servlet class files? 
JavaBean class files? Listener class files? Tag Files? Tag handler 
classes? TLDs? JAR files? The web.xml DD? Where do you put things 
that you don’t want the Container to serve? (In other words, which parts 
of the web app are protected from direct client access?) Where do you 
put “welcome” files? 


( 5 ) Where will the CONTAINER look for things in 
the web app? ’ _ 

Where will the Container look when the client requests an HTML page? 
A JSP page? A servlet? Something that doesn’t exist as an actual 
file (like, BeerTest.do)? Where will the Container look for tag handler 
classes? Where will the Container look for TLDs? Tag Files? JAR 
files? The Deployment Descriptor? Other classes my servlets depend 
on? Where does the Container look for “welcome” files ? (Obviously, 
once you know all of this, then everything in number T becomes a 
no-brainer.) 

③ How does the CLIENT request things in the 
web app? 


What does the client type into the browser to access an HTML page? A 
JSP page? A servlet? Something that doesn’t actually exist as a file? In 
which places can the client make a direct request, and in which places 
is the client restricted from direct access to a resource? What happens 
if the client types in a path to only a directory, not a specific file? 


where to put things 


What goes where m a web app 


In several chapters of this book, we’ve looked at the locations in which the 
various files must be placed. In the chapter on custom tags, for example, you 
saw that Tag Files must be deployed in /WEB-INF/tags or a subdirectory, or 
in a JAR file under /META-INF/tags or a subdirectory. If you put a Tag File 
anywhere else, the Container will either ignore it or treat it as static content 
ready to be served. 

The Servlet and JSP specs have a lot of picky rules about where things go, 
and you really do need to know most of them. Since we’ve already covered 
most of this in one way or another, we use these first few pages as a test of 
your memory and understanding. Don’t skip it! Treat these next few pages as 
practice exam questions! 



o ： 

Why should I have to know where everything goes... isn’t that what 
deployment tools are for? Or even an ANT build script? 

A • 

If you're lucky, you’re using a J2EE deployment tool that lets you point and 
click your way through a series of wizard screens. Then your Container uses that info 
to build the XML Deployment Descriptor (web.xml), build out the necessary directory 
structures, and copy your files into the appropriate locations. But even if you are 
lucky, don’t you think you need to know what the tool is doing? You might need to 
tweak what the tool does. You might need to troubleshoot. You might switch to a 
different vendor that doesn’t have an automated deployment tool. 

A lot of developers use a build tool like ANT, but even then, you still need to tell ANT 
what to do. 


But I just got an ANT build script off the Internet, and it’s already 
configured to do it all for me. 


Again, that’s great — but you still need to know what’s really happening. 

If you’re completely at the mercy of your tool, you’re in trouble if something goes 
wrong. Knowing how to structure a web app is like knowing how to change a tire — 
maybe you’ll never need to do it yourself, but if it’s 3:00 AM and you’re in the middle 
of nowhere, isn’t it nice to know you can? 

And for those of you taking the exam, well, you don’t have a choice. Virtually 
everything in this chapter is covered on the exam. 
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web app deployment 


pencil 


Name the directories 

Write the correct directory names in, given the files shown 
within those directories. Everything in here has been 
covered in an earlier chapter, but don’t worry if you haven’t 
completely memorized them all yet. This is the chapter 
where you have to burn it in. 


useTag.jsp 



NavBar.tag 


foo.MyTagHandler.class 


0010 

0001 

1100 

1001 

0001 

0011 

0101 

0110 


bar.MyHandler.class 


catalogTags.tld 
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exercise on deployment 


貧 ^^rpen your pencil 


Draw the directory and file structure 

Look at the following web app description and draw a directory 
structure that supports that web app. Be sure to include the files too. 
There may be more than one way to structure this; we recommend 
using the simplest (i.e. least number of directories) to organize it. 


Application name: Dating 

Static content and JSPs: welcome.html, signup.jsp, search.jsp 
Servlets: dating.Enroll.class, dating.Search.class 


Custom tag handler class: tagClasses.TagOne.class 


TLD: DatingTags.tld 
JavaBeans: dating.Client.class 
DD: web.xml 

Support JAR files: DatingJar.jar 
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web app deployment 




BE ilie Container 

喊 at’S wron^ witii tiiis deployment? 
TKere are several tilings here that 
do not follow the Servlet or JSP 
Specification for where tiiey should 
be placed. Assume that all 
I _ files have tire correct 

■ * wB ■ names and extensions. 



List everything that’s wrong 
with this picture: 


useTag.jsp 



<%@ at¬ 
tribute 


〃 fontColor 〃 

〃 true" %> 


<%@ tag 
body- 



Header.tag 


foo.html 


foo.AdvisorTagHandler.class 
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exercise on deployment 


r^lharpen your pencil 

ANSWERS 


Name the directories 

To deploy a web app successfully, you MUST follow this structure. WEB-INF must be immediately 
under the application context (“MyTestApp” in this example). The “classes” directory must be 
immediately inside “WEB-INF”. The package structure for the classes must be immediately inside 
“classes”. The “lib” directory must be immediately inside "WEB-INF", and the JAR file must be 
immediately inside “lib”. The “META-INF” directory must be immediately inside the JAR, and TLD 
files in a JAR must be somewhere under “META-INF” (they can be in any subdirectory, and “TLDs” is 
not required as a directory name). TLDs that are NOT in a JAR must be somewhere under “WEB- 
INF”. Tag Files (files with a .tag or .tagx extension) must be somewhere under “WEB-INF/tags” 
(unless they’re deployed in a JAR, in which case they must be somewhere under “META-INF/tags”). 


Cov\icy\i 

J SPs be ai the web 
a PP ^rooi level OR a 

^ubdi^Uy, 
although -tha-t Mtch 
y° u； H see laicm. 





ncPP 娜 u ; a , 、祕 - 听 


useTag.jsp 






NavBar.tag 



n- i 


bar 


0010 

u 

0001 

1100 

1001 

0001 

0011 

0101 

0110 


H 毒 I: 



0010 

0001 

1100 

1001 

0001 

0011 

0101 

0110 


bar.MyHandler.class 



foo.MyTagHandler.class 


1( /WET^-/A/P / , 

嶋- INF，.) c sc uM 饮 
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web app deployment 


%|harpen your pencil 

ANSWERS 


Draw the directory and file structure 

The only things that could be different in this picture are 1) the static content 
and JSPs could be in a subdirectory under “Dating”, or hidden under "WEB- 
INF" and 2) the DatingTags.tld could be in a subdirectory of WEB-INF. 


Application name: Dating 


Static content and JSPs: welcome.html, signup.jsp, 
search.jsp 

Servlets: dating.Enroll class, dating.Search class 
Custom tag handler class: tagClasses.TagOne class 
TLD: DatingTags.tld 
JavaBeans class: dating.Client class 
DD: web.xml 

Support JAR files: DatingJar jar 



Datmjlajs.-tldl 


TajO^cdlas 


s 


E^oll.dlass Sca，rd ^* dlass Clic^tdlass 
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exercise on directories and files 


be \Y\i\dc 


y/eb. 乂 ml r»\us*t 

mside — INP. 





Tag Files (.-tag) 
r»\us*t be sormcv/hc^c U^dcv 
獨 - INP/ta〆. 


Header-tag 


Mate Ldcr 'We 谷 -’ • 


foo.AdvisorTagHandler.class 


*thc W dlasscs W 

\ry is moved ou i o( u |ib" ar^d 
di\rc^*tly u^dev- — INP ). 


BE me Container 


Answers 



Scvcv-al -thmjs a\rc v/\ro^5 >wi*th *this pid*tu\rc| 


〆 


useTag.jsp 


^ROH^!! Tag Fi| cs C^) 

so^cwhcv-c Uhdc^ ^ 
嶋鲁 /—， 7 


0 ^, (al-though dd^essible 
o^ly by o 七 he\r pa\rts o-f 
the web app... y\o div-c^*t 
Bttcss by dietrrb). 



be u,de . 、祕廣 . 


plated 


<html> 

<body> 

</body> 

</html> 



<%@ taglib 
prefix= 
uri= M /WEB-INF/ 
myFunctions. tld ,, %> 

<htmlxbody> 

${mine:rollIt() } 

</body></ 

html> 


二 1 1 1 o 
V o o 1 1 
o o o 1 
o 1 o o 

o o 1 1 
1 o o o 
o 1 o 1 
o 1 o o 
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web app deployment 


Oh if only there were a way 
to deploy my entire web app in 
a JAR, so that I could move it as a 
single file instead of this huge pile 
of files and directories and... 



What she really wants is a WAR He 

The directory structure of a web app is intense. 
And everything has to be in exactly the right place. 
Moving a web app can hurt. 

But there’s a solution, called a WAR file, which 
stands for Web ARchive. And if that sounds 
suspiciously like a JAR file (Java ARchive), that’s 
because a WAR is a JAR. AJAR with a .war 
extension instead of .jar. 
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deploying a web app in a VAR 


WAR files 

A WAR file is simply a snapshot of your web app structure, in a nice 
portable, compressed form (it’s really just a JAR file). You jar up your 
entire web app structure (minus the web app context directory — the 
one that’s above WEB-INF), and give it a .war extension. But that does 
leave one problem — if you don’t include the specific web app directory 
(BeerApp, for example), how does the Container know the name/ 
context of this web app? 

That depends on your Container. In Tomcat, the name of the WAR 
file becomes the web app name! Imagine you deploy Beer App 
as a normal directory structure under tomcat/webapps/BeerApp. 

To deploy it as a WAR file, you jar up everything in the Beer App 
directory (but not the Beer App directory itself), then name the 
resulting JAR file Beer App. war. Then you drop the Beer App. war file 
into the tomcat/webapps directory. That’s it. Tomcat unpacks the 
WAR file, and creates the web app context directory using the name of 
the WAR file. But again, j ⑽ r Container may handle WAR deployment 
and naming differently. What matters to us here is what’s required by 
the spec, and the answer is — it makes almost no difference whether 
the app is deployed in or out of a WAR! In other words, you still need 
WEB-INF, web.xml, etc. Everything on the previous pages applies. 

Almost everything. There is one thing you can do when you use a 
WAR file that you can’t do when you deploy without one — declare 
library dependencies. 

In a WAR file, you can declare library dependencies in the META- 
INF/MANIFEST.MF file, which gives you a deploy-time check for 
whether the Container can find the packages and classes your app 
depends on. That means you don’t have to wait until a resource is 
requested before the whole thing blows up because the Container 
doesn’t have a particular class in its classpath that the requested 
resource needs. 



612 chapter 11 




web app deployment 


0001 

1001 

0011 

0110 


What a deployed WAR file looks like 


When you deploy a web app into Tomcat by putting the WAR file into the webapps 
directory, Tomcat unpacks it, creates the context directory (My Test App in this 
example), and the only new thing you’ll see is the META-INF directory (with the 
MANIFEST.MF file) inside. You will probably never put anything into the META-INF 
directory yourself, so you’ll probably never care whether your app is deployed as a 
WAR unless you do need to specify library dependencies in the MANIFEST.MF file. 


ass 


s 


MANIFEST.MF 



NavBar.tag 


foo.MyTagHandler.class 


bar.MyHandler.class 


catalogTags.tld 
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directly accessible locations 


Makmg static content and JSPs directly accessible 


When you deploy static HTML and JSPs, you can choose whether to make them 
directly accessible from outside the web app. By directly accessible, we mean that a 
client can enter the path to the resource into his browser, and the server will return 
the resource. But you can prevent direct access by putting files under WEB-INF or, if 
you’re deploying as a WAR file, under META-INF. 出 attcss'Wc 


Valid rec/t/esf 


丁 a 

v 


^\> a^?- 


http://www.wickedlysmart.com/MyTestApp/register/signUp.jsp 


Invalid request (produces “404 Not Found” error) 








http: //www. wickedlysmart. com/MyTestApp/WEB-INF/process . j sp 





Content that’s directly 
accessible 


META-INF 


register 


/WEB-INF/ 
tld"%> 

<htmlxbody> 
${mine:rollIt{) } 
</body></ 


welcome.html 


<%@ taglib 
prefix= ,, mine /, 
uri= w /WEB-INF/ 
myFunctions. tld ,, %> 

<htmlxbody> 

${mine:rollIt()} 
</body></ 


signUp.jsp 


〒士 is 仏 

JSPs 

^ the web app level 
UK m subdnrc^-tov-ics. 


html> 

MANIFEST.MF verify.jsp 


WEB-NF 


<html> 

<body> 


sion= 〃 l. 

encoding 

_» UTF _g» 


classes 


<!DOCTYPE 


</body> 

</html> 


<%@ taglib 
prefix= 
uri= w /WEB-INF/ 
myFunctions.tld"%> 

<htmlxbody> 

${mine:rollIt () } 

</body></ 




process.jsp 巧 


Yo^ CM pui 

^ will UOT be ^ 

- jor d\^ti aucss by 

web.xml 6this is the aJi 

Uhdcir WBB-IH} 




If the server gets a client request for anything under 
WEB-INF or META-INF, the Container MUST respond 
with a 404 NOT FOUND error! 
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web app deployment 


4ierei£ire^np 

Dumb Questions 

o ： 

If you can’t serve content from WEB-INF or 
META-INF, what's the point of putting pages there??!! 

A ! 

Think about that. You have Java classes and class 
members with package-level (default) access, right? These 
are classes and members not available to the "public”, but 
meant for internal use by other classes and members that 
are publicly exposed. It’s the same way for these non- 
accessible static content and JSPs. By putting them under 
WEB-INF (or, with a WAR file, META-INF), you're protecting 
them from any direct access, while still allowing other 
parts of the web app to use them. 

You might, for example, want to forward to or include a 
file while making sure that no client can directly request it. 
Chances are, if you want to protect a resource from direct 
access, you'll use WEB-INF and not META-INF, but for the 
exam, you have to know that the rules apply to both. 


o ： 

What about a META-INF directory inside a JAR file 
inside WEB-INF/lib? Does that have the same protection 
as META-INF inside the WAR file? 


A! 

Well... yes. But the fact that the content is in 
META-INF is not the point. In this case, you’re talking about 
a JAR file inside the lib directory inside WEB-INF. And 
anything in WEB-INF is protected from direct access! So, it 
doesn’t matter where under WEB-INF the content is, it’s still 


protected. When we say that META-INF is protected, we’re 
really talking about META-INF inside a WAR file, because 
the META-INF inside WEB-INF/lib JAR files is always 
protected anyway by virtue of being under WEB-INF. 


o： 

On an earlier page you mentioned putting 
library dependencies in the META-INF/MANIFEST.MF 
file. Are you required to do that? Isn’t everything in the 
WEB-INF/lib jar files and the WEB-INF/classes directory 
automatically on the classpath for this application? 


A: 


Yes, classes you deploy in/with the web app, by 


using the WEB-INF/classes directory or a JAR in WEB- 


INF/lib, are available and you don’t have to do or say 


anything. They just work. But... you might have a Container 
with optional packages on its classpath, and maybe 
you’re depending on some of those packages. Or maybe 
you’re depending on a particular version of a library! The 
MANIFEST.MF file gives you a place to tell the Container 
about the optional libraries you must have access to. If the 
Container can’t provide them, it won’t let you successfully 
deploy the application. Which is a lot better than if you 
deploy and then find out later, at request time, when you 
get some horrible (or worse — subtle) runtime error. 


o： 

How does the Container access the content inside 
JAR files in WEB-INF/lib? 


The Container automatically puts the JAR file into 
its classpath, so classes for servlets, listeners, beans, etc. 
are available exactly as they are if you put the classes (in 
their correct package directory structure, of course) within 
the WEB-INF/classes directory. In other words, it doesn’t 
matter whether the classes are in or out of a JAR as long as 
they’re in the right locations. 

Keep in mind, though, that the Container will always look 
for classes in the WEB-INF/classes directory before it looks 
inside JAR files in WEB-INF/lib. 


o ： 

OK, that explains class files, but what about other 
kinds of files? What if I need to access a text file that's 
deployed in a JAR in WEB-INF/lib? 


This is different. If your web app code needs direct 
access to a resource (text file, JPEG, etc.) that’s inside a 
JAR, you need to use the getResourceO or getResourceAs 
StreamO methods of the classloader — this is just plain old 
J2SE, not specific to servlets. 

Now, you might recognize those two methods 
(getResourceO and getResourceAsStreamO), because they 
exist also in the ServletContext API. The difference is, the 
methods inside ServletContext work only for resources 
within the web app that are not deployed within a JAR 
file. (For the exam, you need to know that you can use the 
standard J2SE mechanism for getting resources from JAR 
files, but you do not need to know any details.) 
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servlet mapping 


How servlet mapping REALLY works 

You’ve seen examples of servlet mapping in the Deployment Descriptors 
we’ve used in earlier chapters, beginning with the tutorial. 

Every servlet mapping has two parts — the <servlet> element and the 
<servlet-mapping> element. The <servlet> defines a servlet name and class, 
and the <servlet-mapping> defines the URL pattern that maps to a servlet 
name defined somewhere else in the DD. 


<web-app xmlns=’’http : //j ava . sun . com/xml/ns/ j 2ee" 

xmlns : xsi= 〃 http://www.w3.org/2 001/XMLSchema-instance" 

xsi : schemaLocation=’’http : //java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 


version 二〃 2•4〃> 


<servlet> 


TW,S , ^ l+Ts 'hot soimetw.^ 




<servlet-name>Beejr</ servlet-name 〉 


<servlet-class>com.example.BeerSelect</servlet-class 〉 

</servlet> 


<servlet-mapping> 

<servlet-name>Beer*</ servlet-name> 
<url-pattern>/Beer/SelectBeer.do</url-pattern> 

</servlet-mapping> 

</web-app> 


I m '<> oks 




web.xml 



616 


chapter 11 









web app deployment 


But I don’t see a 
directory named、、Beer〃 
and theres no file named 
、、5dectBeerdo” 


T ^ ,S is 〜 Wwt 


"this 


wc b 


i w C Y 



http: //www. wickedly smart. com/Advi ceApp /Beer / SelectBeer. do 



The ACTUAL (physical) 
directory structure 


TW，s stM 

do VC«\VACst 


webapps I 

r—I 

AdviceApp I 



BeerSelect.class 


The VIRTUAL (logical) 
directory structure 


^ is does ho {. 
^Hy exisi/ 



? 。 


classes I 

<?xml veq^N 
sion^l.O^ - 
encoding 
= 〃 UTF-8〃？> 

<!DOCTYPE 





BeerSelect.class 
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virtual vs. logical 


Servlet mappings can be "fake" 

The URL pattern you put into a servlet mapping can be 
completely made-up. Imaginary. Fake. Just a logical name you 
want to give clients. Clients who have no business knowing 
anything about the real physical structure of your web app. 


With servlet mappings, you have two structures to organize: 
the real physical directory and file structure in which your web 
app resources live, and the virtual/logical structure. 


The THREE types of <url-pattern> elements 


(T) EXACT match 

<url-patter n>/Beer/ SelectBeer . do</url-pattern> 


② DIRECTORY match 


<url-patter n>/Beer/ 

纖 Tb 咖 7 
a slash (/). 



</url-pattern> 

AW/s “s W 办 a 


S/as^ 



"This be d vivtu^l 
OR V"cdl div~c(t'fcovy. 


③ EXTENSION match 


<url-pattern>*.do</url-pattern> 

/WUST" begih with MUST have a dot 

ast^isk m WtVtK } 

with a slash). 


The virtual/logical structure 
exists simply because you 
SAY it exists! 

The URL patterns in ^ie 
DD don't map to anyfliing 
except odier 〈 servlet - name 〉 
elements in ^ie DD. 

The 〈 servlet - name〉elements 
are ^ie ieyto servlet 
iq 卿 ing 名 ey match a request 
<url-pattem> to an actual 
servlet class. 

Key point: clients request 
servlets by <url - pattern 〉， 
NOT by <servlet-name> or 
〈servlet - class 〉！ 
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Key rules about servlet mappings 

1) The Container looks for matches in the order shown on the opposite 
page. In other words, it looks first for an exact match. If it can’t find an 
exact match, it looks for a directory match. If it can’t find a directory match, 
it looks for an extension match. 

2) If a request matches more than one directory <url-pattern>, the 
Container chooses the longest mapping. In other words, a request for /foo/ 
bar/myStuff.do will map to the <url-pattern> /foo/bar/* even though it also 
matches the <url-pattern> /foo/*. The most specific match always wins. 


<servlet-class>foo.DeployTestOne</servlet-class> 

</servlet> 

<servlet-mapping> 

<servlet-name>One</servlet-name> 

<url-pattern>* . do</url-pattern> 

</servlet-mapping> 

<servlet> 

<servlet-name>Two</servlet-name> 

<servlet-class>foo.DeployTestTwo</servlet-class> 

</servlet> 

<servlet-mapping> 

<servlet-name>Two</servlet-name> 

<url-pattern>/f ooStuf f/bar</url-pattern> 

</servlet-mapping> 

<servlet> 

<servlet-name>Three</servlet-name> 

<servlet-class>foo.DeployTestThree</servlet-class> 
</servlet> 

<servlet-mapping> 

<servlet-name>Three</servlet-name> 

<url-pattern〉/fooStuf f/*</url-pattern> 

</servlet-mapping> 


Requests: 

http://localhost:8080/MapTest/blue.do 

Container choice: 


http://localhost:8080/MapTest/fooStuff/bar 

Container choice: 


http://localhost:8080/MapTest/fooStuff/bar/blue.do 

Container choice: 


http://localhost:8080/MapTest/fooStuff/blue.do 

Container choice: 


http://localhost:8080/MapTest/fred/blue.do 

Container choice: 


http://localhost:8080/MapTest/fooStuff 

Container choice: 


http://localhost:8080/MapTest/fooStuff/bar/foo.fo 

Container choice: 


http://localhost:8080/MapTest/fred/blue.fo 

Container choice: 


BE ike Container 



servlet will tire 
Container choose ^iven 
tke DD servlet mappings 
andflie client 

- 1 requests shown? 

You’ll have 
questions like 
lliis on lie real exam! 



Mappings: 


<servlet> 

<servlet-name>One</servlet-name> 
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exercise on servlet mapping 


Answers 



BE lire Container 


Mappings: 

<servlet> 

<servlet-name>One</servlet-name> 

<servlet-class>foo.DeployTestOne</servlet-class> 
</servlet> 

<servlet-mapping 〉 

<servlet-name>One</servlet-name> 

<url-pattern>* . do</url-pattern> 

</servlet-mapping> 


<servlet> 

<servlet-name>Two</servlet-name> 

<servlet-class>foo.DeployTestTwo</servlet-class> 
</servlet> 

<servlet-mapping 〉 

<servlet-name>Two</servlet-name> 

<url-pattern>/ f ooStuf f/bar</ url-pattern> 

</servlet-mapping> 


<servlet> 

<servlet-name>Three</servlet-name> 

<servlet-class>foo.DeployTestThree</servlet-class> 
</servlet> 

<servlet-mapping 〉 

<servlet-name>Three</servlet-name> 

<url-pattern>/ f ooStuf f/*</ur 1-patter n> 

</servlet-mapping> 

Answers to the exercise on the opposite page: 

OMiis8iAo|d8Q (z jnojise 丄人 0 |deQ G : 


Requests: 

http://localhost:8080/MapTest/blue.do 
Container choice: DeployTestOne 
(matched the *.do extension pattern) 

http://localhost:8080/MapTest/fooStuff/bar 
Container choice: DeployTestTwo 
(exact match with /fooStuff/bar pattern) 

http://localhost:8080/MapTest/fooStuff/bar/blue.do 
Container choice: DeployTestThree 
(matched the /fooStuff/* directory pattern) 

http://localhost:8080/MapTest/fooStuff/blue.do 
Container choice: DeployTestThree 
(matched /fooStuff/* directory pattern) 

http://localhost:8080/MapTest/fred/blue.do 
Container choice: DeployTestOne 
(matched the *.do extension pattern) 

http://localhost:8080/MapTest/fooStuff 
Container choice: DeployTestThree 
(matched the /fooStuff/* directory pattern) 

http://localhost:8080/MapTest/fooStuff/bar/foo.fo 
Container choice: DeployTestThree 
(matched the /fooStuff/* directory pattern) 

http://localhost:8080/MapTest/fred/blue.fo 

Container choice: 404 NOT FOUND 

(doesn’t match ANYTHING) 
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Subtle issues... 


Just to make sure you understand servlet mappings, here’s one more 
little example. Don’t skim — look closely at both the mapping and 
the requests. (In this mini “Be the Container”，the answers are at the 
bottom of the opposite page, so don’t peek.) 

BE {he Container 

servlet will the 
Container choose? 

Mappings in the DD 



<servlet> 

<servlet-name>Two</servlet-name 〉 

<servlet-class>foo.DeployTestTwo</servlet-class> 
</servlet> 

<servlet-mapping> 

<servlet-name>Two</servlet-name 〉 

<url-pattern>/ f ooStuf f /bar</url-pattern> 

</servlet-mapping> 


<servlet> 

<servlet-name>Four</servlet-name> 

<servlet-class>foo.DeployTestFour</servlet-class> 
</servlet> 

<servlet-mapping> 

<servlet-name>Four</servlet-name> 

<url-pattern>/ f ooStuf f/bar/*</url-pattern> 

</servlet-mapping> 


Requests: 

① http://localhost:8080/test/fooStuff/bar/ 
Container choice: 


( 2 ) http://localhost:8080/test/fooStuff/bar 
Container choice: 
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welcome files 


Configuring welcome files in the VV 


You already know that if you type in the name of a web site and 
you don’t specify a specific file, you (usually) still get something 
back. Entering http:/ / www.oreilly.com into your browser takes you 
to the O’Reilly web site, and even though you didn’t name a 
specific resource (like “home.html”，for example), you still get a 
default page. 

You can configure your server to define a default page for the 
entire site, but we’re concerned here with default (also known as 
“welcome”）pages for individual web apps. You configur 
welcome pages in the DD, and that DD determines what the 
Container chooses when the client enters a partial URL — a 
URL that includes a directory, for example, but not a specific 
resource in the directory. 

In other words, what happens if the client request comes in for: 

http: // www. wickedly smart, com /foo /bar ( ^ w bav-^ isjus*ta d»v-c^*toV"Y 

and “bar” is simply a directory, and you don’t have a specific 
servlet mapped to this URL pattern. What will the client see? 

In the DD: 

<web-app ...> 

〈 welcome-file-1ist> 

<welcome-file>index.html</welcome-file> 
<welcome-file>default. jsp< /welcome-file 〉 


</welcome-file-list^ 
</web-app> 


Thc y NOT 

chd wi-th a slash ^ 


Imagine you have a web app where several different directories 
have their own default HTML page, named “index.html”. But 
some directories use a “default.jsp” instead. It would be a huge 
pain if you had to specify a specific default page or JSP for each 
directory that needs one. Instead, you specify a list, in order, 
of the pages you want the Container to look for in whatever 
directory the partial request is for. In other words, no matter 
which directory is requested, the Container always looks through 
the same list — the one and only <welcome-file-list〉. 

The Container will pick the first match it finds, starting with the 
first welcome file listed in the <welcome-file-list>. 


Multiple 
welcome files 
go in a single 
DD element. 

No matter how many welcome files 
you might list, you put them ALL into a 
single entry in the DD. 
<welcome-file-list>. IVs tempting 
to think that each file might go in a 

separate <welcome-file-list> e/emen, 
but that’s not how it works! Each file 
has its own <welcome-file> element, 
but you put ALL of them within a 

single <welcome-file-list>. 


The files in the 

<welcome-file> 
element do NOT 
start with a slash! 

Don,t be confused. The way in which 
the Container matches and chooses 
welcome files is not the same as the 
wa Y in whi ch it matches URL patterns. 
If you put the slash in front of the file 

name ， y ou ’H be violating the spec, and 
bad things will happen. 
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BE the Container 



welcome files will 
the Container choose ^iven 
tire DD and tire client 

requests shown? 
You can expect 
Sometiiing like this 
on tire exam. 


The DD: 

〈 welcome-file-list> 

<welcome-file>index.html</welcome-file> 
<welcome-file>default.jsp</welcome-file> 
</welcome-file-list> 


Directory structure: 



Requests: 

http://localhost:8080/MyTestApp/ 

Container choice: 


http://localhost:8080/MyTestApp/registration/ 

Container choice: 


http://localhost:8080/MyTestApp/search 

Container choice: 


http://localhost:8080/MyTestApp/registration/newMember/ 

Container choice: 


foo.txt 
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exercise on welcome files 


BE lire Container 



Answers 




I 

. j 




■ 


The DD: 

〈 welcome-file-1ist> 

<welcome-file>index.html</welcome-file> 
<welcome-file>default.jsp</welcome-file> 
〈 /welcome-file-list 〉 


Directory structure: 


webapps 


MyTestApp 



Requests: 

http://localhost:8080/MyTestApp/ 

Container choice: 

MyTestApp/index.html 


http://localhost:8080/MyTestApp/registration/ 

Container choice: 

MyTestApp/registration/index.html 


http://localhost:8080/MyTestApp/search 

Container choice: 

MyTestApp/search/default.jsp 
(If there HAD been both a default.jsp and an index.html in 
the “search” directory, the Container would have chosen 
the “index.html” file, since it is listed first in the DD.) 


http://localhost:8080/MyTestApp/registration/newMember/ 

Container choice: 

When no files from the <welcome-file-list> are found, the 
behavior is vendor-specific. Tomcat shows a directory list¬ 
ing for the newMember directory (which shows “foo.txt”). 
Another Container might show a 404 Not Found error. 
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foo.txt 


































How the Container chooses a welcome file 


web app deployment 


① Client requests ： http://www.wickedlysmart.com/MyTestApp/search 
y _ /MyTestApp/search 

inr 

i - - - , . . . l 




Client 


iks in the DD for a servlet mapping, and 
l match. Next, the Container looks in the 
: -list〉and sees 、、 index.html 〃 at the top. 

〈 welcome-file-list 〉 

__ 〈 welcome-file>index • html</welcome-f ile> 

<welcome-file>default.jsp</welcome-file> 
</welcome-file-list> 


② 



Client 


Container loc 
doesiVt find < 
<welcome-fil€ 





Client 


Container looks in the /MyTestApp/search directory 
for an ''index.html" file, but does not find one. 


Container 



Is ^ 一椒― w 



<html> 

4 

<body> 


</body> 


</html> 



default.jsp 


④ 



Client 


Container looks at the next <welcome-file> in the 
<welcome-file-list> in the DD, and sees ''default.jsp". 

<welcome-file-list> 

<welcome-file>index.html</welcome-file> 

' 1 ^^ <welcome-f ile>default. jsp</welcome-f ile> 

</welcome-file-list> 




Response 


— ®，| 


Container looks in the /MyTestApp/search directory for 
a 、、 default.jsp 〃 file, finds one, and serves its response to 
the client. (( 

Ts there a def 祕抑 



ttB 

search I 

I 


Container 



Here it is.. 


<html> 

<body> 


</body> 

</html> 




default.jsp 
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error pages 


Configuring error pages m the VV 

Sure, you want to be friendly when the user doesn’t know the 
exact resource to ask for when they get to your site or web app, 
so you specify default/welcome files. But you also want to be 
friendly when things go wrong. We already looked at this in the 
chapter on Using Custom Tags, so this is just a review. 

Declaring a catch-all error page 

This applies to everything in your web app 一 not just JSPs. 

<error-page> 

<exception-type>java.lang.Throwable</exception-type 〉 
<location>/errorPage.jsp</location 〉 

</error-page> 

(FYI: you can override this in individual JSPs by adding a 
page directive with an errorPage attribute.) 

Declaring an error page for a more explicit exception 

This configures an error page that’s called only when there’s 
an ArithmeticException. If you have both this declaration 
and the catch-all above, then any exception other than 
ArithmeticException will still end up at the “errorPage.jsp”. 


<error-page> 

<exception-type>java.lang.ArithmeticException</exception-type> 
<location 〉 /arithmeticError.jsp</location 〉 

</error-page> 


Declaring an error page based on an HTTP status code 

This configures an error page that’s called only when the sta 
code for the response is “404” (file not found). 


<error-page> 

<error-code>404</error-code> 

<location>/notFoundError.jsp</location> 
</error-page> 


You can’t use 
<error-code> and 
<exception-type> 
together! 

You can configure an error page 
based on the HTTP status code OR 
based on the exception type thrown, 
but you CANNOT have both in the 
sdme 〈 error-page 〉 tag. 
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^iiereiqrejiP 

Dumb Questions 


0： 

What are you allowed to declare as an exception type in 
<exception-type>? 



Anything that’s a Throwable, so that includes java.lang.Error, 
runtime exceptions, and any checked exception (as long as the checked 
exception class is on the Container’s classpath, of course). 




Speaking of error handling, can you programmatically 
generate error codes yourself? 



Yes, you can. You can invoke the sendError() method on the 
HttpServletResponse, and it’ll tell the Container to generate that error 
just as if the Container generated the error on its own. And if you’ve 


configured an error page to be sent to the client based on that error 
code, that’s what the client will get. And by the way, "error” codes are 
also known as "status” codes, so if you see either one, they mean the 
same thing — HTTP codes for errors. 


o ： 

How about an example of generating your own error code? 



OK, here's an example: 

response. sendError (HttpServletResponse. SC—FORBIDDEN); 
which is the same as: 
response.sendError(403); 

If you look in the HttpServletResponse interface, you’ll see a bunch of 
constants defined for the common HTTP error/status codes. Keep in 
mind that for the exam, you don’t need to memorize the status codes! 
It’s enough to simply know that you can generate error codes, that 
the method is response.sendError(), and that in terms of the error 
pages you’ve defined in the DD, or any other error-handling you do 
in your JSPs, there’s no difference between Container-generated and 
programmer-generated HTTP errors. A 403 is a 403 regardless of WHO 
sends the error. Oh yeah, there’s also an overloaded two-argument 
version of sendError() that takes an int and a String message. 
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load-on-startup configuration 


Configuring servlet initialization in the VV 


You already know that servlets, by default, are initialized at first 
request. That means the first client suffers the pain of class loading, 
instantiation, and initialization (setting a ServletGontext, invoking 
listeners, etc.), before the Container can do what it normally does — 
allocate a thread and invoke the servlet’s service() method. 

If you want servlets to be loaded at deploy time (or at server restart 
time) rather than on first request, use the <load-on-startup> element 
in the DD. Any non-negative value for <load-on-startup> tells the 
Container to initialize the servlet when the app is deployed (or any time 
the server restarts). 

If you have multiple servlets that you want preloaded, and you want to 
control the order in which they’re initialized, the value of <load-on- 
startup> determines the order! In other words, any non-negative value 
means load early, but the order in which servlets are loaded is based on 
the value of the different <load-on-startup> elements. 


In the DD 

<servlet> 

<servlet-name>KathyOne</servlet-name> 
<servlet-class>foo.DeployTestOne</servlet-class> 

<load-on-startup>l</load-on-startup> 

</servlet> 


V 


►atcv 切 0 


or 


織 ㈣ 心 

Jfor 




Wouldn't you ALWAYS want to do this? Shouldn’t everyone just 
use <load-on-startup>1</load-on-startup> by default? 


A • 

To answer that question, you ask yourself, "How many servlets do I 
have in my app, and how likely is it that they’ll all be used?” And you’ll also 
need to ask, "How long does it take each servlet to load?” Some servlets are 
rarely used, so you might want to conserve resources by not loading the 
rarely-used servlets in advance. But some servlets take so painfully long 
to initialize (like the Struts ActionServlet), that you don’t want even a single 
client to experience that much latency. So, only you can decide, and you’ll 
probably decide on a servlet-by-servlet basis, evaluating both the pain level 
and likelihood of use for each servlet. 



Values greater than 
one do not affect 
the number of 
g0fvlct inst3nc©s! 

The value you use: 

<load-on-startup>4</load-on-startup 

does NOT mean “load four instances 
of the servlet”. It means that this 
servlet should be loaded only AFTER 
servlets with a <load-on-startup> 
number less than four are loaded. 
And what if there’s more than one 
servlet with a <load-on-startup> of 4. 
The Container loads servlets with the 
same value in the order in which the 
servlets are declared in the DD. 
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Making an XML-compliawt JSP: a JSP Pocumcwt 

This topic didn’t fit well anywhere else, so we decided to stick it in this chapter since we’re 
talking about XML so much. The exam doesn’t require you to be an XML expert, but you do 
have to know two things: the syntax for the key DD elements, and the basics of making what’s 
known as a JSP Document. (“As opposed to what? If a normal JSP isn’t a document, what is it?” 
That’s what you’re asking, right? Think of it this way — a normal JSP is a page, unless it’s written 
with the XML alternatives to normal JSP syntax, in which case it becomes a document.) 


All it means is that there are really two types of syntax you can use to make a JSP. The text in 
grey is the same across both types of syntax. 


Normal JSP page syntax 


JSP document syntax 


Directives 

(except taglib) 

<%@ page import="java•util•*" %> 

< j sp : directive . page import=" j ava • util • * ’’/> 

Declaration 

<% ! int y = 3; %> 

<jsp : declaration 〉 
int y = 3; 

</j sp:declaration 〉 

Scriptlet 

<% list. add (''Fred^) ; %> 

<jsp : scriptlet> 

list • add (''Fred ”）； 

</j sp:scriptlet> 



<jsp : text> 

Text 

There is no spoon. 

There is no spoon. 



</j sp:text> 

Scripting 

Expression 

<%= it.next() %> 

o 

<jsp : expression 〉 
it.next() 

</j sp:expression 〉 


This is all the exam covers on JSP Documents. 

m Weere^t g oin g tos a yany m ore 

JSP documents is probably not something : tran J orm your norma/ JSP 
by tools，and the table above i u ^[ sh ^ ^ ° u have t0 know if you write this by hand—the 

===二=以=:士二 = 

二 s。-.. 
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configuring JB references 


Memorizing the EJP-rclated PP tags 


This exam is about web components, not business components (although in the 
Patterns chapter, you’ll see a few things about business components). But if you’re 
deploying a J2EE app, complete with Enterprise JavaBeans (EJBs) in the business 
tier, some of your web components will probably need to lookup and access the 
enterprise beans. If you’re deploying an app in a full J2EE-compliant Container 
(one that has an EJB Container as well), you can define references to EJBs in the 


DD. You don’t have to know anything about EJBs for this exam, other than what you 
declare in the DD, so we won’t waste your time explaining it here.* 


Reference to a local bean 



丁 w _ w〆 
todc . 


<ejb-local-ref> 

<ejb-ref-name>ejb/Customer</ejb-ref-name> 

<ejb-ref-type>Entity</ejb-ref-type> 

<local-home>com.wickedlysmart.CustomerHome</local-home> 
<local>com.wickedlysmart.Customer</local> 

</ejb - local-ref> 一 





A LOCAL bean means the client (in 
this case, a servlet) and the bean 
must be running in the same JVM. 


Reference to a remote bean 


<ejb-ref> 


<ejb-ref-name>ejb/LocalCustomer</ejb-ref-name> 


<ejb-ref-type>Entity</ejb-ref-type> 
<home>com.wickedlysmart.CustomerHome</home> 
<remote>com.wickedlysmart.Customer</remote> 




</ejb-ref> 

fOptional sub-dcmcK>-ts -fov* both tags mdude 
<dcs^\riptioh> olK>d but you do^i 

"to k^ow that -fov- -the exdm.) 


A REMOTE bean means the client (in 
this case, a servlet) and the bean can 
be running in different JVMs (possibly 
on different physical machines as well). 


* But if you’re interested in EJB, there’s this really good book... 
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The LOCAL and REMOTE 
tags are inconsistent! 

Both the local and remote bean DD tags have two elements 
vou^lTse in code to perform a JNDI lookup on an enter- 

linn hian Those two elements, the lookup name and he 

that it’s: 

<ejb-local-ref> 

<ejb-remote-ref> (- ^ 0 ^-- 

But NO! For remote beans, it’s just: 

< .b |*ef> Ri# 七 ’ Thcv-c^s y\o 

limned 7h7ewasno 郎 “/ ⑽ r 孤 

二 ns _ demote ： there was no need to 

differentiate between local and remote, so no need to p 

__ = 二： 

fhe name of the tag for the bean’s home interface. A 


the name 

b ㊀ dll US6S. 
<local-home> 


Vc 


s 


but a remote bean does NOT use: 

<remote-home> — W]ron ^ - 

For remote bosns, it s just. 


<home> 


configuring the <env-entry> 


Memorizing the JNPI <ewv-ewtry> VV tag 

If you’re familiar with EJB and/or JNDI, this will make sense. If you’re 
not, it doesn’t really matter for the exam as long as you memorize the 
tag. (The details surrounding JNDI environment entries are covered in 
EJB/J2EE books like the lovely Head First EJB) 

Think of an environment entry as being something like a deploy-time 
constant that your app can use, much like servlet and context init 
parameters. In other words, a way for the deployer to pass values into 
the servlet (or in this case, an EJB as well if this is deployed as part of an 
enterprise application in a fully J2EE-compliant server). 

At deploy time, the Container reads the DD and makes a JNDI entry 
(again, assuming this is a fully J2EE-compliant app, and not just a server 
with only a web Container), using the name and value you supply in this 
DD tag. At runtime, a component in the application can look up the 
value in JNDI, using the name listed in the DD. You probably won’t care 
about <env-entry> unless you’re also developing with EJBs, so the only 
reason you need to memorize this is for the exam. 


Declaring an app’s JNDI environment entry 


<env-entry> 




丁 V>e lookup ^ 


!\\ use 


toAt- 


<env-entry-name>rates/ discountRate</ env-entry-name> 

<env-entry-type>j ava. lang. 工 nteger</env-entry-type> 

<env-entry-value>10</ env-entry-value> ( 0 ^ ^ ^ 匕 0 

\., s • : 


cs 


</env-entry> 


(o ： . c - , ： UTMCW 

( ° r w> ^ ^ ^ 


\s 


The <env-entry-type> must 
NOT be a primitive! 

When you see an <env-entry-value> thdt h = 二 f h 9 二 the 

S tha t W0Uld b ，.. 

you n also might be tempted to think that you can have 

on,y Stringsand wrappers, b ut 

can use any type that takes a Sl f n gfj== er _ 

constructor (or a single Character for a Character typ ). 
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Memorizing the <mime-mapping> VV tag 

You can configure a mapping between an extension and a mime type in the 
DD. This will probably be the easiest tag to remember, because it just makes 
sense — you map between an extension and a mime-type, and guess what? In 
a rare moment of simplicity and clarity, they named the tag sub-elements 
“extension” and “mime-type”. That means you have to remember only one 
thing — that the tag elements are named for exactly what they are! 

Unless you start thinking of it as “file-type” and “content-type”. But no, you 
won’t do that. You’ll memorize it just like this. 


Declaring a <mime-mapping> 


<mime -mapping 〉 



po KOT mtWdc dot w ! 


<extension>mpg</extension> 

〈mime - type>v ideo/mp eg</ mime- type> 


</mime -mapping> 




lt，s not <file-type> and 
<content-type>! 


Burn 找 in— 〈 extension〉and <mime-type 
〈 extension〉and <mime-type> 
〈 extension〉and <mime-type> 
< oxtension> and <mime-type> 
< Qxtension> and <mime-type> 


> 
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exercise on deployment 


貧 ^^rpen your pencil 


Where things go 

Fill in this table with explicit notes on where in the web app 
the given resource must be placed. We did the first one for 
you. Turn the page for the answers. 


Resource type 

Deployment location 

Deployment Descriptor 

(web.xml) 

Di\rc^*tly mside IVEB—IKF (whi 匕 h is di\rc^*tly inside \root o( 

the web app). 

Tag Files 

(.tag or .tagx) 


HTML and JSPs 

(That you want to be 
directly accessible.) 


HTML and JSPs 

(That you want to “hide” 
from direct client access.) 


TLDs 

(■tld) 


Servlet classes 


Tag Handler classes 


JAR files 
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web app deployment 


貧 ^^rpen your pencil 


Memorizing DD tags 

If you’re NOT planning on taking the 
exam, don’t worry about getting all 
of these right (although the bottom 
two elements are important to 
almost everyone). 

If you ARE going to take the exam, 
you should spend some time 
memorizing these. 


< 


> 


< >ejb/Customer< > 

<ejb-ref-type>Entity</ejb-ref-type> 

< _>com. wickedlysmart. CustomerHome<_ > 

<local>com.wickedlysmart.Customer</local> 


< 


> 


<ejb-ref> 

<_>ejb/LocalCustomer< _ > 

<ejb-ref-type>Entity</ejb-ref-type> 


<_>com. wickedlysmart. CustomerHome<_> 


<_>com. wickedlysmart. Customer<_> 

</ejb-ref> 


<env-entry> 


< _>rates/discountRate< _> 

< - > j ava . lang. 工 nteger< - > 

<env-entry-value>10</ env-entry-value> 

</env-entry> 


<error-page> 

< _> j ava • io • 工 OException<_ > 

< _>/myerror . j sp< _ 

</error-page> 


< _ > 

<welcome-file>index.html</welcome-file> 
< > 
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exercise on deployment 


e^^rpen your pencil 

Where things go 

Fill in this table with explicit notes on where in the web app 
the resource must be placed. We did the first one for you. 

Resource type 

Deployment location 

Deployment Descriptor 

(web.xml) 

Di\rc^*tly mside IVEB—IKF (whi 匕 h is di\rc^*tly inside \root o( 

the web app). 

Tag Files 

(.tag or .tagx) 

l-f MOT deployed inside a JM, Files mus-t be msidc iVEB-IKF/tajs, or 

d subdiv-c^*fcov-y o-f iVEB-IKF/tajs. |-f deployed m a JAR ； "^9 Files mus-t 
be m META-INF/tajs, ov- a subdiv-cd*tov-y oJr AlETA-lKF/tajs. Note ： Taj 

Files deployed m a JAR mus*t have a TLP *m -the JAR- 

HTML and JSPs 

(That you want to be 
directly accessible.) 

Clic^*t-a^cssiblc HTML JSPs be a^yv/hcv-c u^dev- -the voo 七 o*f -the web app 

o\r any d i*U subdi\rc^*fco\rics, B)(CBPT *thcy 匕 be ui^dcv IVEB—IKF 
subdi\rcd*bo\rics). 3 tV/\R -file ； 匕扣’七 be ui^dcv- META—INP (mdudi% subdivc^-fcovics). 

HTML and JSPs 

(That you want to “hide” 
from direct client access.) 

Pages u^dev- IVEB-INF (or AlETA-IKF m a l/VAR -file) da^^o-t be divedJy 
addessed by diwts. 

TLDs 

(■tld) 

|-f HOT 'mside d JAR ； TLD -files mus*t be somcv/hcv-c ui^dcv- IVEB—IKF ov- 
d subdiv-c^*fcov-y o-f IVEB-IKF l-f deployed *m a JAR ； TLD -files must be 
somcv/hc\rc u^dev- META—IKF ； o\r 3 subdi\rc^*fco\ry META—INF- 

Servlet classes 

Scv-vlc*t classes r»\us*t be m d dived-fcovy S*t\rud*tu\rc ^ddkd^e 

s*tv-ud*tuv-c, ^Idded div-c6*tov-y u^dev- I/VpB-INF/ classes (-fov- c^arwplc, dass dom. 

C^a rwpIc Rmg would be mside lVEB-|KF/dlasscs/dom/c>camplc) ; o\r *m *thc 
app\rop\ria*tc fddka^e di\rc^*to\rics y/i*th*m d JAR mside iVEB-IKF/lib). 

Tag Handler classes 

Anally ALL classes used by -the web — app (unless -theyVe pav-t -the dlass 
libv-a\rics 01^ dlasspath) mus*t -follow *thc sdme \rules as sc\rvlc*t classes—msidc 

IVEB-|KF/classes, *m d di\rcd*to\ry st\rud*tu\rc *thc (ov m *thc 

app\rop\ria*tc div-c^*bo\rics y/i*th*m d JAR mside lVEB-|KF/lib). 

JAR files 

JAR -files mus*t be inside *thc IVEB—INF/lib dive^tovy. 
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web app deployment 


f^^rpen your pencil 


Memorizing DD tags 

ANSWERS 

If you are going to take the exam, 
you should spend some time 
memorizing ALL of these (plus any 
of the others from from this chapter 
and the security-related tags you'll 
see in the next chapter). 


< 


cjb-lodcil-vc-f 


> 


*to a loca” 如 七 
has a w lo 乙 al” m 七 cda 比 


< 


Cjb—>ejb/Customer< / Cjk—VC-f—hdmC 


> 


<ejb-ref-type>Entity</ejb-ref-type> 


< lo^al — homC >com. wickedly smart. CustomerHome< /loddl—home > 
<local>com•wickedlysmart.Customer</local> 


< 


/ ejb - lodal - vef 


> 


<ejb-ref> 

<ejb-ref-type>Entity</ejb-ref-type> 


b -- hdmC >ejb/LocalCustomer< / Cjb—\rC-f— 


> 


has a 


< home >com. wickedlysmart. CustomerHome< /\\on\t > 

< \r€i^o*tc >com. wickedlysmart. Customer< /\rC^O*tc > 
</ejb-ref> 


<env-entry> 


ChVHrohrhCh-t Chivy is 

a way -to gc-t dcploy-ti^c 
^Ohs-fcah-ts ih-fco 9 

appl'uia-tioh. 


< OW — Ch*bry — >rates/discountRate< /c 灼 V — Ch*bry — > 

< CMtry - 七 ype >java.lang. 工 nteger< /cjtw - eh*bry - 七 ype > 

<env-entry-value>10</ env-entry-value> 

</env-entry> 


r l v mC r ^ 


<error-page> 


< 


c^dcp*tioh--typc >java.io. 工 OException< 

< lod3*tioh >/myerror . j sp< /lod3*tlOh > 

</error-page> 


> 


plls the Cohiaihcir whi^h paa c 
to look whch a merest c. on 

代 soum 匕 c. Theme be move 

<^o^ilc> s^ied 
七 he < wcldomc — Pile —| is - t >. 


formes 
\t 

th^h 

ih 


< 


< 


y/ckomc—file-list > 

<welcome-file>index.html</welcome-file> 

/ y/ckomc—file-list > 
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mock exam 


TJioc^ Zxcm ^Aopt&tii 

Where can <init-param> elements appear in the DD? 

(Choose all that apply.) 

Q A. As child elements of <servlet>. 

Q B. As direct descendants of <web-application> elements. 

□ G. Just after the Document Type Declaration. 

Q D. Inside of < con text-par am> elements when you want to 
declare a context initialization parameter. 



Where do you store Tag Library Descriptors (TLDs), in a web application? 
(Choose all that apply.) 

□ A. Only in /WEB-INF/lib. 

□ B. Only in /WEB-INF/classes. 

Q C. In the /META-INF directory of a JAR file inside 

/WEB-INF/lib 

Q D. At the application’s top-level directory. 

□ E. In /WEB-INF or a sub-directory thereof. 



Which statements about WAR files are true? (Choose all that apply.) 
□ A. WAR stands for Web Application Resources file. 

Q B. A valid WAR file must contain a deployment descriptor. 

Q G. Several WAR files can compose a web application. 

Q D. A WAR file cannot contain embedded JAR files. 
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web app deployment 


The following servlet is declared in the DD: 

<servlet> 

<servlet-name>MyServlet</servlet-name> 
<servlet-class>com.myorg.ServletClass</servlet-class> 
</servlet> 

Where can you store the servlet class in the web application? (Choose all that 
apply.) 

□ A. In /META-INF of a JAR file. 

Q B. In the package-related directory tree begining at the top level of the 
application directory. 

Q G. In /WEB-INF/classes or in a JAR file in /WEB-INF/lib. 

□ D. In /WEB- INF/lib outside of a JAR file. 


What is the purpose of the deployment descriptor (DD)? (Choose all that 
apply.) 

□ A. To allow code-generation tools to dynamically create servlets from an 

XML file. 

Q B. To convey the web-application configuration information from 
developers to application assemblers and deployers. 

Q C. To configure vendor-specific aspects of the application. 

□ D. To configure only database and Enterprise JavaBean access from the 

web application. 


Where should web. xml be stored in a WAR file? (Choose all that apply.) 

□ A. In /WEB-INF/classes. 

□ B. In /WEB-INF/lib. 

□ G. In /WEB-INF. 

□ D. In /META-INF. 
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mock exam 


Given: 

10 . <%@ page import= A, java.util. %> 

11. <jsp : import import="java•util•*" /> 

12. <j sp : directive.page import= 〃 java•util •*〃 /> 

13. <j sp : page import="java•util•*" /> 


Assume the prefix “jsp” has been mapped to the namespace 

http : //java•sun.com/JSP/Page. 


Which are true? (Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


Lines 10 and 12 are equivalent in any type of JSP page. 

Line 10 is not valid in a JSP document (XML-based document). 
Line 11 will properly import the java . util package. 

Line 12 will properly import the java . util package. 

Line 13 will properly import the java . util package. 



Which statements about <init-param> DD elements are true? 

(Choose all that apply.) 

Q A. They are used to declare initialization parameters for a 
specific servlet. 

Q B. They are used to declare initialization parameters for an 
entire web app. 

Q G. The method that retrieves these parameters has a signature 
that returns an Object. 

□ D. The method that retrieves these parameters takes a String. 



Which are DD elements that provide JNDI access to J2EE components? 
(Choose all that apply.) 


□ 

A. 

<ejb-ref> 

□ 

B. 

<entity-ref> 

□ 

G. 

<ejb-local-ref> 

□ 

D. 

<session-ref> 

□ 

E. 

<ejb-remote-ref> 
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10 


The following servlet is registered in the DD: 

<servlet> 


<servlet-name>action</servlet-name> 


<servlet-class>com.myorg.ActionClass</servlet-class> 

</servlet> 

Choose the correct mappings for this servlet. (Choose all that apply.) 

口 A. <servlet-mapping> 

<servlet-name>action</servlet-name> 

<url-pattern>*.do</url-pattern> 

</servlet-mapping 〉 

Q B. <servlet-mapping> 

<servlet-name>com.myorg.ActionClass</servlet-name> 
<url-pattern>*.do</url-pattern> 

</servlet-mapping 〉 

Q G. <servlet-mapping> 

<servlet-name>action</servlet-name> 

Curl-pattern 〉 /controller</url-pattern> 

</servlet-mapping 〉 

Q D. <servlet-mapping> 

<url-pattern>*.do</url-pattern> 

</servlet-mapping 〉 

口 E. <servlet-mapping> 

<servlet-name>action</servlet-name> 

</servlet-mapping 〉 


11 


For which type of web app components can dependencies be defined? (Choose 


all that 

apply.) 

□ 

A. JSP files 

□ 

B. 

WAR files 

□ 

G. 

classes 

□ 

D. 

libraries 

□ 

E. 

manifest files 
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12 


Which are valid declarations in a JSP Document (XML-based document)? 
(Choose all that apply.) 

□ A. <j sp : declaration 

xmlns : jsp="http://java•sun.com/JSP/Page 
int x = 0; 

</j sp : declaration 〉 

Q B. <j sp : declaration 

xmlns : jsp=’’http : / /java • sun . com/JSP/Page A, > 
int x; 

</j sp : declaration 〉 

□ G. <%! int x = 0; %> 

□ D. <%! int x; %> 


13 


Which 2.4 deployment descriptor elements may appear before the <web-app> 
element? (Choose all that apply.) 

□A. <listener> 

Q B. <context-param> 

Q C. <servlet> 

Q D. No XML elements may appear before the <web-app> element. 


. A Which statements concerning the container class loader are true? 

ITT (Choose all that apply.) 

Q A. Web applications should NOT attempt to override container 
implementation classes. 

Q B. A web application must not attempt to load resources from 

within the WAR file using the J2SE semantics of getResource. 

Q G. A web application may override any J2EE classes in the javax.* 
namespace. 

Q D. A web developer may override J2EE platform classes provided 
they are contained in a library JAR within a WAR. 


642 


chapter 11 





web app deployment 



c 办尹尹在疙 


^Aopt&iVl /id^rn^ 


Where can <init-param> elements appear in the DD? 

(Choose all that apply.) 

A. As child elements of <servlet>. 

Q B. As direct descendants of <web-application 〉 elements. 

Q G. Just after the Document Type Declaration. 

Q D. Inside of <context-param> elements when you want to 
declare a context initialization parameter. 


(Soviet 

—nr\doV"\rc£-*t bc63usc 
weo does 
element <wcb— 

一 七 ioir\ D is ihd>ovv"C 乙七 bc£>3usc 
<do^"tcX»*t—elements do 
^o*t 乙 orrtam 


Where do you store Tag Library Descriptors (TLDs), in a web application? 
(Choose all that apply.) 


(JSP sv ⑽ l” fc) 



Only in /WEB-INF/lib. 

Only in /WEB-INF/classes. 

In the /META-INF directory of a JAR file inside 

/WEB-INF/lib 


一 The do^*tamcv" will au*toma*ti 乙 ally 

disdovcv TLps -they arc m 

/^/EB-INF/^l3 ss ^ s ov， /i^tB-INr/lib. 


□ D. At the application’s top-level directory. 

E. In /WEB-INF or a sub-directory thereof. 


(scvvtct ^ • ^* fc) 


Which statements about WAR files are true? (Choose all that apply.) 

□ A. WAR stands for Web Application Resources file. 

^ B. A valid WAR file must contain a deployment descriptor. 沾 *^3 ds -fov- Web 
Q G. Several WAR files can compose a web application. Povtio^s of S v^eb application 

□ D. A WAR file cannot contain embedded JAR files. be do^*t3mcd 3 \Z^AR 


-Pile ； ohly sv\ afplidatio^ 

veside v/rthm a ^ 
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The following servlet is declared in the DD: 

<servlet> 


(Soviet ? ^ 0) 


<servlet-name>MyServlet</servlet-name> 

<servlet-class>com.myorg.ServletClass</servlet-class> 

</servlet> 

Where can you store the servlet class in the web application? (Choose all that 
apply.) 

□ A. In /META-INF of a JAR file. 

Q B. In the package-related directory tree begining at the top level of the 
application directory. 

6^ G. In /WEB-INF/classes or in a JAR file in /WEB - INF/lib. 

Q D. In /WEB-INF/lib outside of a JAR file. — Op+io 灼 D CoYYttk, because /iA/EB—INF/l*l) 

is aWea as ^ U JAR ^iles. 



What is the purpose of the deployment descriptor (DD)? (Choose all that 
apply.) 


(Servlet sped p lOi) 


□ A. 
^ B. 

□ G. 

□ D. 


To allow code-generation tools to dynamically create servlets from an 
XML file. 


To convey the web-application configuration information from 
developers to application assemblers and deployers. 

To configure vendor-specific aspects of the application. 

To configure only database and Enterprise JavaBean access from the 
web application. 


—Option P is 

because these toir^cv^s 
av-c just a subset o\ the 
PP s puv-fosc- 



Where should web. xml be stored in a WAR file? (Choose all that apply.) 

□A. In /WEB-INF/classes. 

□ B. In /WEB-INF/lib. 

^ G. In /WEB-INF. 一 士州 1 should be sW m 脈 B - If 

□ D. In /META-INF. vc^av-dlcss of y/hethev- defloymept 

involves a WhR 饮私 c^lodcd di\rcdto\ry 

s*brud"tu\re. 


(Scv-vlct sped p 10) 
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Given: (JSP 1 -帥 

10 . <%@ page import= A, java. util. *" %> 

11. <jsp : import import="java•util•*" /> 

12. <j sp : directive.page import= 〃 java•util •*〃 /> 

13. <j sp : page import="java•util•*" /> 


Assume the prefix “jsp” has been mapped to the namespace 

http : //j ava.sun.com/JSP/Page. 

Which are true? (Choose all that apply.) 


- 0 f*tioh A is mdovved •七 because Imc 10 
y/ould be invalid … d JSP PodurwC^"t 


Q A. Lines 10 and 12 are equivalent in any type of JSP page. ()<ML-bascd dodumeirrt). 
&&I B. Line 10 is not valid in a JSP document (XML-based document). 


Q G. Line 11 will properly import the java . util package. 
^ D. Line 12 will properly import the java . util package. 
Q E. Line 13 will properly import the java . util package. 


-Options C B avc mvalid as 

they avc not valid m the 

http://javasuhdom/ JSP/Pagc 



Which statements about <init-param> DD elements are true? 
(Choose all that apply.) 


^ A. 

□ B. 

□ G. 
^ D. 


They are used to declare initialization parameters for a 
specific servlet. 

They are used to declare initialization parameters for an 
entire web app. 

The method that retrieves these parameters has a signature 
that returns an Object. 

The method that retrieves these parameters takes a String. 


一 krtializ^atu^ \>a\ramc*tcvs 
have wck aff sdofc ov- servlet 
sdofe. Those v/'rth scv-vlc*t 
sdopc 3V"C earned <mi*t 一 

m the DD ， a 灼 d *t3kc 

ve*tuv^ a S*brmj. Those with 
>wcb aff sdofc av-c Mmcd 

m the PP 

a^d also -take a^d a 

StvmJ- 



Which are DD elements that provide JNDI access to J2EE components? 
(Choose all that apply.) 

^ A. <ejb-ref> 


(soviet syce- 


□ B. 

of g. 

□ D. 

□ E. 


<entity-ref> 
<ejb-local-ref> 
<session-ref> 
<ejb-remote-ref> 


一 I 於 addition, <c\b^lodal^> also pv-ovidcs 

web aff dv-ca*bov- with a JNDI y'tkcct^ct 

-to J 2 -EE 乙 0 叶 0 心 * b. 
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10 


The following servlet is registered in the DD: 

<servlet> 




<servlet-name>action</servlet-name> 

<servlet-class>com.myorg.ActionClass</servlet-class> 
</servlet> 


Choose the correct mappings for this servlet. (Choose all that apply.) 




A. 


□ B. 


d 


G. 


□ D. 


<servlet-mapping> 

<servlet-name>action</servlet-name> 

<url-pattern>*.do</url-pattern> 

</servlet-mapping 〉 

<servlet-mapping> 

<servlet-name>com. myorg. ActionClass</servlet-name> 
<url-pattern>*.do</url-pattern> 

</servlet-mapping 〉 

<servlet-mapping> -0yhov\ B is because it 

<servlet-name>action</servlet-name> K e 

Curl-pattern>/controller</url-pattern> 

</servlet-mapping 〉 

<servlet-mapping> 

<url-pattern>*.do</url-pattern> 

</servlet-mapping 〉 

<servlet-mapping> -Oftiork P is 'md.ovrcd.*t because i*t 

<servlet-name>action</servlet-name>°^ , ^ s A <sc，rv/ 
</servlet-mapping> t\t^i - ’ 


11 


For which type of web app components can dependencies be defined? (Choose 
all that apply.) 


(soviet 


□ 

A. JSP files 


B. 

WAR files 

a 

G. 

classes 

D. 

libraries 

□ 

E. 

manifest files 


一 LiWav-ics be dc-f med m 

iht /META-INF//VIANIFKT./VIF (\\t. 
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Which are valid declarations in a JSP Document (XML-based document)? 
(Choose all that apply.) 

A. <j sp : declaration 

xmlns : j sp=”http : / /java . sun . com/JSP/Page ,A > 
int x = 0; 

</j sp : declaration 〉 

^ B. <j sp : declaration 

xmlns : j sp=^http : / /java . sun . com/JSP/Page 
int x; 

</j sp : declaration 〉 

□ G. <% ! int x = 0; %> ^ ^ 

C a^d V a\rc 

because o^ly i\\t <\s^Atc\a>ra {: \or> 

syh*t3% >s valid m JSP PodumC^*ts- 


(JSP 朽 . 


I - m) 


□ D. <% ! int X ； %> 


仍 Which 2.4 deployment descriptor elements may appear before the <web-app> ^ » |0l) 

13 element? (Choose all that apply.) 


(Choose all that apply.) 

□A. <listener> 

Q B. <context-param> 

Q C. <servlet> 

D. No XML elements may appear before the <web-app> element. 




.j. Which statements concerning the container class loader are true? 
ITT (Choose all that apply.) 




6^ A. Web applications should NOT attempt to override container 
implementation classes. 

B. A web application must not attempt to load resources from 
within the WAR file using the J2SE semantics of getResource. 

G. A web application may override any J2EE classes in the javax.* 
namespace. 

D. A web developer may override J2EE platform classes provided —Options C f D ihdo\r\rcd*t 
they are contained in a library JAR within a WAR. bcdausc "the v/ebapp mus*t MOT 

ovc\T\ridc 叫 dldss ih ihc java 
o\r java 乂 决 hdmespddes. 


—^D*^ioh 3 is iir^oV'V'C 乙 * t 

v/ebd^ may use the 

mc-bhod the ^ebapps dlass 

loader -to addess a^y WAR We. 
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12 web app security 


Keep it secret，keep it safe 



Your web app is in danger. Trouble lurks in every corner of the 
network, as crackers, scammers, and criminals try to break into your system 
to steal, take advantage, or just have a little fun with your site. You don’t want 
the Bad Guys listening in to your online store transactions, picking off credit 
card numbers. You don’t want the Bad Guys convincing your server that 
they’re actually the Special Customers Who Get Big Discounts. And you don’t 
want anyone (good OR bad) looking at sensitive employee data. Does Jim in 
marketing really need to know that Lisa in engineering makes three times as 
much as he does? And do you really want Jim to take matters into his own hands 
and login (unauthorized) to the UpdatePayroll servlet? 


this is a new chapter 
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official Sun exam objectives 




Web Application Security 


5.1 Based on the servlet specification, compare 
and contrast the following security issues: 
(a) authentication, (b) authorization, (c) data 
integrity, and (d) confidentiality. 


5.2 In the deployment descriptor, declare the 

following: a security constraint, a Web resource, 
the transport guarantee, the login configuration, 
and a security role. 


5.3 Given an authentication type (BASIC, DIGEST, 
FORM, and CLIENT-CERT), describe its 
mechanism. 


Coverage Notes: 


All of the objectives in this section are covered 
completely in this chapter, including security- 
related DD elements that were NOT covered in 
the deployment chapter. 

We can’t make you a complete security being, 
but the content in this chapter is a start, and 
it’s everything you need for the exam. 
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web app security 


The Pad &uys arc everywhere 

As a web application developer you need to protect your web site. 
There are three main kinds of bad guys you need to watch out for: 

Impersonators, Upgraders, and Eavesdroppers. 


OK Frankie, I'm in! 

Now what? You mean, thafs 
all I have to do to pretend 
to be Heidi Plum? 




POST /BuyStuff.jsp 




<h+ml> 


Pn+^p Credit Card 

r 

<input type=text name=’’ccNum’’> 


</html> 


Server 


Evil Impersonator 



POST /BuyWi+hDiscount.jsp 


Enter Credit Card # 

input type=text name=’’ccNum"> 



Naughty Upgrader 
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evil eavesdroppers 


Awd it's wot just the SERVER that gets hurt... 

Eavesdroppers can be the worst. Not only are they trying to scam 
your web app, but they can burn some of your good clients too. A double 
hit. If an eavesdropper is successful, he’ll swipe your client’s credit card 
information and charge up a storm. 





- — 

1= 

POST /CheckOut.jsp 



[credit card information ".] 

r > 








\ 


\ 


Server for: 
GoodGuys.com 


Innocent User 



Evil Eavesdropper 
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web app security 


The Pig 4 iw servlet security 


Servlet security helps you — the web app developer- 
foil Impersonators, Upgraders, and Eavesdroppers. 
As far as the servlet specification is concerned (and 
hence, the exam), servlet security boils down to four 
main concepts: authentication, authorization, 
confidentiality, and data integrity. 




Server 


Server 


① A^rfhentication 

(to foil Impersonators) 


② A«Aorization 

(to foil Upgraders) 



Server 


③ Confidentiality ④ Data Integrity 

(to foil Eavesdroppers) 
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Sob’s security project 


A little security story 


One day Bob’s boss called Bob into his office. “I’ve 
got an exciting new project for you!” his boss 
said. Bob groaned. “I know I’ve handed you 
some bad jobs in the past, but this one should 
be really fun... I’d like you to design the security 
for our company’s new eGommerce web site.” 
“Security” Bob said, “is hard and boring.” “No 
you’re wrong...” the boss said. “In J2EE 1.4, servlet 
security is supposed to be pretty cool.” 

The boss continued, “Let me give you the elevator 
pitch to get you going, then we’ll go into details 
once you’ve had a chance to think this through.” 
“Ok,” Bob sighed. “Lay it on me.” 

“As you know, this beer website is really hot right 
now. We’ve added several new features, and we’re 
getting a great response. Some of our users are 
happy with just the free recipes we offer, but a lot 
more people than we thought are willing to pay 
for our rare hops and other premium ingredients. 
Oh, and our Frequent Brewer program is a huge 
hit. If a user decides he’ll be a repeat ingredient 
buyer, he can pay a one time fee and upgrade to 
Brew Master status. A Brew Master get special 
discounts, and earns Frequent Brewer points which he 
can redeem for cool brew rewards.” 


Bob continued to listen, mentally calculating the 
code he’ll have to write to implement all this, and 
kissing that tropical vacation goodbye. Meanwhile, 
the boss continued... 


“But now we have to make sure that when one of 
our users makes a purchase, no one can swipe his 
credit card information. Oh, another thing, we’d 
better make sure that when a member logs in, it’s not 
actually one of his friends trying to sneak in. I think 
we need to require that members have passwords 
from now on.” 


“It’s all making sense so far.” said Bob. “When users 
place an order with us, do we want to give them 
some sort of confirmation code?” “Great idea,” 
said the boss. “Oh, and one more thing I forgot — 
you better make sure that only our Frequent 
Brewers get the special discounts.” 

“I think this is enough,” said the boss. “But you 
know... the way things are going, it probably won’t 
be too long before we offer some sort of platinum 


YOUR MIND 

Which security concepts are 
mentioned in the story? 

Reread the story and annotate the places where 
the boss’s requirements call for: 

- authentication 
- authorization 
- confidentiality 
- data integrity 

(Yeah, yeah, we know this is obvious, but we’re just 
warming up the topic before it gets down and dirty.) 
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How to Authenticate iw HTTP World: 
the begmHmg of a secure trawsactiow 

Let’s start with a look at the communications that occur 
between a browser and a web container when the client asks 
for a secure resource on the web site. It’s BASIC, really. 


The HTTP perspective... 



1 The browser makes a request for a 
web resource, “update.jsp”. 

2 The server determines that “update, 
jsp” is a constrained resource. 

3 The container sends back an HTTP 
401 (“Unauthorized”)，with a 
www-authenticate header and realm 
information. 


The HTTP header used 

(or authc 灼 *ti 乙 dtio 灼 . 


④ 



User: Bob.S 
P.W.: ******** 




Client 



GET /update.jsp 
Authorization ： 
Basic ： x5w3. 



web server 


4 The browser gets the 401, and, based 
on the Realm info, asks the user for his 
username and password. 

5 The browser asks for “update.jsp” 
again (stateless, remember), but this time 
the request includes a security HTTP 
header, and a username and password. 

6 The Container verifies that the 
username and password match, and if 
they do, performs authorization. 

7 If all the security stuff is good, the 
Container returns the HTML, if not it 
returns another HTTP 401... 
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A slightly closer look at how the Container 
does Authentication and Authorization 

On the last page we skimmed over what the Container was doing. 
Throughout this chapter we’ll hit different levels of detail, and here 
we zoom in just a little... 

The Container perspective... 



1 Having received the request, 
the container finds the URL in the 
“security table” (stored in whatever 
the Container is using to keep 
security info). 

2 If the Container finds the URL 
in the security table, it checks 

to see whether the requested 
resource is constrained. If it is, it 
returns 401 … 



1 When the Container receives 
a request with a username and 
password, it checks the URL in the 
security table. 

2 If it finds the URL in the security 
table (and sees that it’s constrained), 
it checks the username and 
password information to make sure 
they match. 

3 If the username and password 
are OK, the Container checks to see 
if the user has been assigned the 
correct ‘role’ to access this resource 
(i.e. authorization). If so, the 
resource is returned to the client. 
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How did the Container do that? 


You just got an overview of how the Container handles 
authentication and authorization. But what was going 
on inside the Container that made all that happen? Let’s 
speculate a little on what was going on behind the scenes, 
deep down in the heart of the Container... 


Things the Container did: 


① Performed a lookup on the resource 
being requested 

We already know that the Container is really 
good at finding resources. But now, once it finds 
the resource, it has to determine whether it’s 
a resource that anyone can view, or whether the 
resource has security constraints. Does the servlet 
itself have some sort of security flag? Is there a 
table somewhere? 

@ Performed some authentication 

Once the Container determines that it’s dealing 
with a secured resource, it has to authenticate 
the client. In other words, to find out if “Bob” 
really is Bob. (The most common way is to see if 
Bob knows his own password.) 


I put a LOT of 
cycles into security! 
Anything you can do to make 
security efficient will be a 
big help for performance. 



J FLEX YOUR MIHP 


© Performed some authorization 

Once the Container determines that it is the real 
Bob asking for this resource, the Container has 
to see whether Bob is allowed access to that 
resource. Let’s see, if we have 2,000,000 users, 
and 100 servlets in our webapp, we could throw 
together a little table with 200,000,000 cells... 

Whoa! This could get out of hand in a hurry if 
we’re not careful. 


Which bits of security logic 
and information should be 
hardcoded in the servlet? 

names and passwords? 
users roles? 

access rules for each servlet? 
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Keep security out of the code! 

For most web apps, most of the time, the web app’s security 
constraints should be handled declaratively, in the deployment 
descriptor. Why? 


Top Ten Reasons to do 
your security declaratively 

@ Who doesn’t need more XML practice? 

® Looks great on your resume. 

⑦。 S -ady 

It s on the exam. 

® Allows application develon^ tr, 

Servlets with out access toThe "olTr 

® It’s just cool. 


source code. 


when you 厂 


® a R p e Sr g ^ 

® cSer! ay t0 jUStify the cost of that 
® dSopmem. IClea of com Ponent-based 
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who does security 


Who implements security m a web app? 


My job is easy. Most of 
the time, I don’t even have to 
think about security when I*m writing 
a servlet. And thafs good, because 
my philosophy is ''Security is 
hard... don’t do it.’ 


My job is more involved. I decide 
which roles make sense in the 
application. For Kim’s beer application 
Guest, Member, and Admin are key roles. 
Then I add these roles to the users in our 
Containers users file. Since we use tomcat, 
our file is called tomcat-users.xml. 






Annie the 

application 

administrator 


Kim the servlet 
provider 


My job is huge! Once I have a list of Annies 
roles, and a description of what Kim’s servlets 
do, I can decide which roles should have access to 
which servlets. The deployment descriptor provides 
me with an easy, if somewhat verbose, way to tell 
the Container who has access to which servlets. And 
let me tell you, they doiVt pay me enough... 


O 



Dick the 
deployer 
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^iiereiqrejio 

Dumb Questions 

o ： 

I'm confused 一 if Tm creating servlets, 
shouldn’t I be thinking about security considerations? 


It seems like when people talk about servlet 
security the term "role" is overloaded... 


A • 

Yes, you should; Kim the servlet provider was 
being a little sarcastic. A key point when designing 
servlets is their modularity. For instance, it makes 
sense to separate browsing capabilities from updating 
capabilities. If these two use cases are implemented in 


separate servlets then it will be easy for the deployer to 
assign different security constraints to them. 


I don’t know where YOU work, but in my 
situation I have to wear all three hats: developer, 
admin, and deployer. 


A I 

That’s actually a very common situation. We still 
recommend that when you’re implementing security 
you do it in stages and "imagine”that you’re wearing one 
hat at a time. 


How does programmatic security fit into the 
picture? 


A ! 

We’ll get to programmatic security later in the 
chapter. For now, what’s important to know is that you’ll 
probably find that 95% of the security work you’ll do in 
servlets will be declarative. Programmatic security just 
isn’t used very much. (See "Top Ten Reasons ...’’） 


So far everything you’ve talked about is related 
to authentication and authorization, how about the 
other two in "The Big Four"? 


A ! 

We'll talk about confidentiality and data integrity 
later in this chapter. The servlet specification makes 
implementing these concepts very easy, so we’re 
focusing on authentication and authorization because 
they’re the most complicated to understand and 
implement, and, hint hint, more likely to show up on the 
exam. 


A • 

Good point! When Sun designs J2EE specs 
(EJBs, servlets, JSPs), they often think in terms of the 
kinds of people who might create and administer these 
components. In other words, IT-related job roles. When 
developers tackle security for web apps, they think about 
the types of users that might exist. For instance a "guest” 
might have very few privileges within a web app, and a 
"member” might have more privileges. These "user roles” 
are defined, mapped, and fretted over in the Deployment 
Descriptor. 


o ： 

I've heard about something called "cross-site 
hacking. What is that? 


/// 


A i 

Cross-site hacking can happen when a website 
displays free form text entered by other users (for 
instance, a user book review). If a malicious user keys 
some HTML with, say. Javascript into a text area, and 
the server doesn’t catch it, then unsuspecting browsers 
will render the potentially dangerous hidden code along 
with the good HTML when the page is served. In other 
words, the server sends to users something another user 
typed in, without checking or processing it for malicious 
scripting code. 

o ： 

So we’ve got to deal with "The Big Four." How 
hard is it to set these babies up and maintain them, I 
mean is this going to be painful? 


蠢 


Yes, we're afraid it might hurt a little. Actually, 
some aspects of security are really low overhead, while 
others DO require a fair amount of work. But none of it is 
very complicated, just potentially tedious. 
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The Pig Jobs m servlet security 

The table below will give you a feel for the key items in servlet 
security. Authorization is the most time-consuming to implement 
and Authentication is next. From the servlet perspective, 
Confidentiality and Data Integrity are pretty easy to set up.* 


Security 

concept 

Who，s 

responsible? 

Complexity 

level 

Effort 

level 

Exam 

importance 

Authentication 

Admin 

medium 

high 

medium 

Authorization 

Deployer 

high 

high 

high 


(mostly) 




Confidentiality 

Deployer 

low 

low 

low 

Data Integrity 

Deployer 

low 

low 

low 


We’re going to emphasize Attdiorizafion in Ais 
cli^ter because it’s Ae most important and 
complex of ihe vendor-neutral security concepts. 


^Actually, getting the SSL certification is not trivial, so by “easy” 
we mean ct you don’t really do anything in your servlet code.” 
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Just enough Authcwticatiow to discuss Authorization 


Later in the chapter we’ll go deeper into authentication, but for now we’ll look at getting just 
enough authentication data into the system so that we can focus on authorization. A user can’t be 
authorized until he’s been authenticated. 

The servlet specification doesn’t talk about how a Container should implement support for 
authentication data, including usernames and passwords. But the general idea is that the 
Container will supply a vendor-specific table containing usernames and their associated 
passwords and roles. But virtually all vendors go beyond that and provide a way to hook into 
your company-specific authentication data, often stored in a relational database or LDAP system 
(which is beyond the scope of this book). Typically, this data is maintained by the administrator. 

The security “realm” 

Unfortunately, realm is yet another overloaded term in the security world. As far as the servlet 
spec is concerned, a realm is a place where authentication information is stored. When you’re 
testing your application in Tomcat, you can use a file called “tomcat-users.xml” (located in 
tomcat’s conf/directory, NOT within webapps). That one “tomcat-users.xml” file applies to ALL 
applications deployed under web-apps. It’s commonly known as the memory realm because Tomcat 
reads this file into memory at startup time. While it’s great for testing, it’s not recommended for 
production. For one thing you can’t modify its contents without restarting Tomcat. 


The tomcat-users.xml file 


<tomr:a t,-i] 




<role rolename=’’Member’’/> 

<user username=’’Bill" password=’’coder" roles=’’Member , Guest" /> 



you 



uscs ai 


Enabling authentication 

To get authentication working (in other words, to get the Container to ask for a username 
and password), you need to stick something in the DD. Don’t worry about what this means 
for now, but if you want to start playing around with authentication, use this: 


<auth-method>BASIC</auth-method> 

</login-config> 
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Authorization Step 1: defmmg roles 

The most common form of authorization in servlets is for the container 
to determine whether a specific servlet — and the invoking HTTP request 
method — can be called by a user who has been assigned a certain 
security “role”. So the first step is to map the roles in the vendor-specific 
x users”file to roles established in the Deployment Descriptor. 


Annie is an 、、 Admin〃, 
a ''Member” and a 
Guest". 


VENDOR-SPECIFIC: 

The <role> element in tomcat-users.xml 









uscv-s 扣 d v-olcs 

data ^brutWc. 


<tomcat-users> 

<role rolename 
<role rolename 
<role rolename 


Diane is both a 
'Member" and a xl Guesf 



Ted is a 

xx Guesr. 


0 


<user username 
<user 
<user 


username: 

username: 


r Annie" password=’’admin 

M 

r Diarie 〃 password=〃coder 
'Ted 〃 password=〃newbie 


roles= "Admin, Member, Guest 7 
roles= "Member, Guest" /> 

roles="Guest" /> 


/> 


</tomcat-users> 


I 如 Wa 七 - 说 d 仏⑽卞 

look a lot i»ke -tW»s. Uohu a 
uscv 63^ V^avc —1 七 士， 


SERVLET-SPECIFICATION: 

The DD <secur\ty-roie> element in web.xinl 




l/Vheh i*t’s -time -pov- au 七 hoV~izaticm, ihc 

dohta'mcv v/ill 你外 its vc^dov- spcdi-Pid Volc^ 
ih-Pov-maiioh -to whatcvcv- <\role — 的 arwe>’s i 七 
-fmds •m youv- DP’S <scdu\rity-\rolc> dcrwChts. 


<security-roleXrole-name>Admin</role-nameX/security-role> 

<security-roleXrole-name>Member</role-nameX/security-role> 

<security-roleXrole-name>Guest</role-nameX/security-role> 


〈 login—config 〉 ’ "t 七 you dlv/dys 七 lie 

<auth-method>BASIC</auth-method> <lojm— elerwCh 七 i*P you v/arrt "to 

</login-config> enable 

The deployer creates <role-na»ie> 
elements in the DD, So that the 
Container can roles to users. 
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Authorization Step 2: defmmg 
rcsourcG/mcthod cowstramts 

Finally, the cool part. This is where we get to specify, declaratively, that a 
given resource/method combination is accessible only by users in certain 
roles. Most of the security work you’ll do is probably with <security- 
constraint> elements in your DD. (Lots of picky rules later.) 


<security-constraint> element in the DD: 


<web-app...> 

<security-constraint> 

<web-resource-collection> 






/on' 


<web-resource-name>UpdateRecipes</web-resource-name> 

<url-pattern>/Beer/AddRecipe/*</url-patter n> 
<url-pattern>/Beer/ReviewRecipe/*</ url-pattern 〉 


<http-method>GET</http-method> 

<http-method>POST</http-method> 





</web-resource-collection> 

<auth-constraints 

<role-name>Admin</ role-name> 


The nr\cthod> elerwC)rrt(S) 

desdvibe HTTP methods av-c 
dohs-tv-a'med (vesiv-idied) (or -the 
vcsouv-dcs dc-Pmcd by ihc URL 
pattev-h. 

丄 G 丄 =11CLILL<3 / J 

<role-name>Member</role-name> . . C optional <3uT ： h—clcmch*t 

</auth-constraint> ^olcs ChH ihVoke -the 

^ohst^i h ed HTTP Methods. / h oi^ 

</security-constraint> wolrds, ，t says WHO is allowed io do a 6BT 

POST oh the s ? c^\cd URL P AW. 


</web-app> 


Both of us are allowed 
to do a GET and POST on the 
resources in the /Beer/AddRecipe 
directory and the /Beer/ 
ReviewRecipe directory. 


O 



Member 


Admin 




Bummer. My role (guest) is not 
listed under <auth-constraint> / so I 
cannot do a GET or POST on anything in 
those directories. But I CAN do a 
TRACE, HEAD, PUT... 


Because they re in the ''Member*" 
role, Diane and /Annie can do 
GET and POST on resources 
that fit the <url-pattern> 
elements. Ted is only a M Guest ,, / 
so he can't do a GET or POST. 


Guest 
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The <sGcurity-cowstramt> rules for 
<WGb-rGsourcG-colkctiow> elements 

Remember; the purpose of the <web-resource-collection> 
sub-element is to tell the container which resources and 
HTTP Method combinations should be constrained in such 
a way that they can be accessed only by the roles in the 
corresponding <auth-constraint> tag. We wish we could 
tell you to relax here, but you really do need to know the 
details of these elements. If you make one little mistake 
in the security part of your DD, you could leave the most 
sensitive parts of your app open to... everyone. 


The <web-resource-collection> sub-element of 
<security-constraint> 

<web-app...> 

〈 security-constraint 〉 


<web-resource - co1lec tion> . 

These the div-^Wics 
with ^ohs-tvaihts. 


<ur1-pattern>/Beer/AddRecipe/*</url-pattern 〉 
<url-pattern>/Beer/ReviewRecipe/*</url-pattern> 

<http-method>GET</http-method> 

</web-resource-collection> 




<web-resource-name> 
UpdateRecipes 
</web-resource-name> 


<auth-constraint> 

參參 •參 

</auth — constraint 〉 

</security-constraint 〉 



</web-app> 


This 砧 y s that the 与 ET 

method be acussed OHLV 

by the irolcs dc-fihed ih the 

<au-th-^ohS-t\raih-t>. 

But the OTHBR methods have 

ho ^o^aiht, so they be 
aucsscd by ahyohe. 


Key points about 

— <web-resour(e-(olle<tion> —— 

y The <web-resource-collection> element 
has two primary sub-elements: 
<url-pattern> (one or more) 

<http-method> (optional, zero or more). 

> The URL patterns and HTTP Methods 
together define resource requests that 
are constrained to be accessible by only 
those roles defined in <auth-constraint>. 

y A <web-resource-name> element is 
MANDATORY (even though you probably 
won’t use it for anything yourself). 

(Assume it's for IDE or future use.) 

> A 〈 description〉element is OPTIONAL. 

> The <url-pattern> element uses servlet 
standard naming and mapping rules (refer 
back to the deployment chapter for details 
on URL patterns). 

y You must specify at least one 

<url-pattern>, but you can have many. 

> Valid Methods for the <http-method> 
element are: GET, POST, PUT, TRACE, 
DELETE, HEAD, and OPTIONS. 

> If /lo HTTP Methods are specified then 
ALL Methods will be constrained (which 
means they can be accessed only by the 
roles in <auth-constraint>)!! 

> If you DO specify an <http-method>, 
then only those methods specified will 
be constrained. In other words, once you 
specify even a single <http-method>, you 
automatically enable any HTTP Methods 
which you have nof specified. 

> You can have more than one 
<web-resource-collection> element in the 
same 〈 security-constraint〉. 

y The <auth-constraint> element applies to 
ALL <web-resource-collection> elements 
in the 〈 security-constraint〉. 
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r T ' ConsSnS a?the 

:: z 二一脱_ _一 — NY 
〈 http-method 〉 elements. 

The < a •一 —二 0 二 

HTTP Methods S to°be ^sumption is that you want the 

: f t e h =t 

_ S authenticated), can invoke those HTTP MethodT rG9ardless of whether the client 
(You'll probably never do that because 'thfwhT" 6 constrainin 9 ALL HTTP Methods 

constrain specific HTTP requests on s ^nstreint is to - 

doXXX() method, ^oifyTu Tavl only afoGeUy Unless _’ ve overridden the 

ImZZ TeZZT Sing ^e lement 


<3uth-constrdint> rules 


Picky 〈 security - cowstramt〉rules for 
<auth-cowstramt> sub-dcmcwts 

Even though it’s got constraint in its name, this is the sub-element that 
specifies which roles are ALLOWED to access the web resources specified 

by the <web-resource-collection> sub-element(s). 


The <auth-constraint> sub-element of <security-constraint> 


<web-app...> 

〈 security-constraints 

<web-resource-collection 〉 


</web-resource-collection> 

<auth-constraint> 

<role-name>Admin</role-name> 
<role-name>Member</role-name> 
</auth-constraint> 

</security-constraint> 

</web-app> 



% 


It 

气 r 


I 


(1 




— <role-name> rules - 

y Within an <auth-constraint> element, the 
<role-name> element is OPTIONAL. 

y If <role-name> elements exist, they tell 
the Container which roles are ALLOWED. 

> If an <auth-constraint> element exists 
with NO <role-name> element, then 
NO USERS ARE ALLOWED. 

> If <role-name>*</role-name> then ALL 
users are ALLOWED. 

> Role names are case-sensitive. 


— <auth-(onstraint> rules - 

> Within a 〈 security-constraint 〉 element, 
the <auth-constraint> element is 
OPTIONAL. 

y If an <auth-constraint> exists, the 
Container MUST perform authentication 
for the associated URLs. 

y If an <auth-constraint> does NOT 
exist, the Container MUST allow 
unauthenticated access for these URLs. 

y For readability, you can add a 

〈 description〉inside <auth-constraint>. 
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The way <auth-cowstramt> works 


Contents of Which roles 

<auth-constraint> have access 



Admin, Member, 
and Guest 


Member 



Guest 


<security-constraint> 

<auth-constraint> 

<role-name>Admin</ role-name> 
<role-name>Member</ role-name> 
</auth-constraint> 

</security-constraint> 


Admin 

Member 



<security-constraint> 

<auth-constraint 〉 

<role-name>Guest</ role-name> Guest 
</auth-constraint> 

</security-constraint 〉 

<security-constraint> 


<auth-constraint> 

<role-name>*</role-name> 


Everybody 


</auth — constraint 〉 

</security-constraint> 


If there is NO 
<auth~constraint> 



\\,t SAMt 


Everybody 















<security-constraint> 

<auth-constraint/> 

</security-constraint> 



Nobody 

山一 s . 



NO <aut h -constraint>ist h e opposite of an EMPTY <a U t h -co„straint/> ! 

you DO put in an <auth-constramt , th ANY role to have access, you MUS 

口 « - - - — am exp，icitly stat ' n9 m 

P r0 les allowed and, by the way, there aren t any. 
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when <security-constraint>s collide 


How multiple 〈 security - cowstramt〉ckmcwts mfgract 

Just when you thought you had <security-constraint> figured out, you realize that multiple 
〈 security-constraint〉elements might conflict. Look at the DD fragments below, and 
imagine the different combinations of <auth-constraint> configurations that might be used. 
What happens, for example, if one <security-constraint> denies access while another <security- 
constraint〉explicitly grants access... to the same constrained resource, for the same role? 
Which 〈 security-constraint 〉 wins? The table on the opposite page has all the answers. 


Multiple <security-constraint> elements with the same (or 
partly-matching) URL patterns and <http-method> elements: 


<web-app...> 

<security-constraint 〉 

<web-resource-collection> 

<web-resource-name>Recipes 
</web-resource-name 〉 

<url-pattern>/Beer/DisplayRecipes/* 

</url-pattern> 

<url-pattern>/Beer/UpdateRecipes/ 

</url-pattern> 

<http-method>POST</http-method> 

</web-resource-collection 〉 




</security-constraint 〉 


Boih o( -these <scdu\ri-ty-do^siv-a'mt> 
spcdi-Py vesouvdes deemed m 
VBccv-/UpdaicRcdipcs/ 


<security-constraint> 


clcwcv\*b …沾 
v-olc 


<web-resource-collection 〉 
<web-resource-name>Update 
</web-resource-name> 

<url-patter n>/Beer/UpdateRecipes/* 

</url-pattern> 

<url-patter n>/Beer/UpdateUsers/* 

</url-pattern> 

<http-method>POST</http-method> 

</web-resource-collection 〉 



</security-constraint 〉 

</web-app> 


How should the container handle 
authorization when the same resource is used 
by more than one <security-constraint>? 
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Puelmg <auth-cowstramt> elements 

If two or more <security-constraint> elements have partially or fully overlapping 
<web-resource-collection> elements, here’s how the container resolves access to 
the overlapping resources. A and B refer to the DD on the previous page. 

Contents of (A) Contents of 


Who has Access 
to £ UpdateRecipes’ 


<auth-constraint> <auth-constraint 〉 

<role-name>Guest</ role-name> <role-name>Admin</ role-name> 
</auth-constraint> </auth-constraint> 


<auth-constraint> <auth-constraint> 

<role-name>Guest</ role-name> <role-name>*</ role-name> 
</auth-constraint> </auth-constraint> 



<auth-constraint/> 


<auth-constraint 〉 

<role-name>Admin</ role-name> 
</auth—constraint 〉 


Guests and Admins 



4 NO <autli-constraint> 
element 


<auth-constraints 

<role-name>Admin</ role-name> 
</auth-constraint> 


Everybody 



Rules for interpreting this table: 

1 When combining individual role names, all of the role 
names listed will be allowed. 

2 A role name of“ * “ combines with anything else to 
allow access to everybody. 

3 An empty <auth-constraint> tag combines with 
anything else to allow access to nobody! In other words, 
an empty <auth-constraint> is always the final word! 

4 If one of the <security-constraint> elements has no 
<auth-constraint> element, it combines with anything else 
to allow access to everybody. 


猶 en two different non- 

e ^y <a 础 - constrain^ 

element apply toAesailie 

constrained resource, access 
is ^Panted to iJie union of 

ail roles froiq Loft of 

<a«fli-constrainf> elemei 
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^iierei£irejiP 

Dumb Questions 


o ： 

I understand that putting in an empty <auth-constraint/> ele¬ 
ment tells the Container that NOBODY from any role can access the 
constrained resource. But I don’t understand WHY you would ever do 
that. What good is a resource that nobody can access? 



When we said, "NOBODY", we meant, "Nobody from OUTSIDE the 
web app”. In other words, a client can’t access the constrained resource, 
but another part of the web app can. You might want to use a request 
dispatcher to forward to another part of the web app, but you don’t ever 
want clients to request that resource directly. Think of 1 00% constrained 
resources as sort of like private methods in a Java class — for internal use 
only. 

o ： 

Why does the <auth-constraint> element go inside <security- 
constraint> but NOT inside the <web-resource-collection> element? 



This way, you can specify a single <auth-constraint> element 


(which could include multiple roles), and then specify multiple resource 
collections for which the <auth-constraint> role list applies. For example, 
you might define an <auth-constraint> for a Frequent Buyer role, and then 
put <web-resource-collection> elements in for the all the different parts 
of the web app where a Frequent Buyer gets special access. 

o ： 

Do I actually have to sit there and type in every one of my users 
with their passwords and roles? 



If you're using the test memory realm from Tomcat, yes. But 
chances are, in the real world you’re using a production server that gives 
you a hook into the LDAP or database where your real user security info is 
stored. 
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Alice's recipe servlet a story about 
programmatic security... 

Alice knows that most of the time declarative security is the way to go. It’s flexible, 
powerful, portable, and robust. As web application architectures have evolved, 
individual servlets have become more and more specialized. In the old days, a single 
servlet would be used to provide business logic to support employees and managers. 
Today, these functions would probably be split into at least two distinct servlets. 

But, lucky Alice has just inherited someone else’s “RecipeServlet”. Alice has heard a 
rumour that RecipeServlet uses programmatic security, so she starts looking through 
the source code and finds this snippet... 


if ( request • isUserlnRole (''Manager")) 

// do the UpdateRecipe page 




? 


as a v-olc 


else { 

// do the ViewReclpe page 




-if^^rpen your pencil 


What security step must have 
happened before this snippet runs? 

What security step is implied by 
this snippet? 

What part, if any, does the DD 
play in this snippet? 

How do you think this code works? 

What if the role of “Manager” 
doesn’t exist in your container? 


What are the implications? 

Think about what you’ve learned so far in this chapter, look at the 
small code snippet above, and try to answer the questions. 
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Customizing methods: isUserlnRoleO 


In HttpServletRequest, three methods are associated with 
programmatic security: 

getUserPrincipal() , which is mainly used with EJBs. We won’t 
cover it in this book.* 

getRemoteUser() , which can be used to check authentication 
status. It’s not commonly used, so we don’t cover it in this book 
(and there’s nothing else you need to know about it for the 
exam). 

isUserInRole() , which we’ll look at now. Instead of authorizing 
at the HTTP method level (GET, POST, etc.), you can 
authorize access to portions of a method. This gives you a way 
to customize how a service method behaves based on the user’s 
role. If you’re in this service method (doGet(), doPost(), etc.), 
then the user made it through the declarative authorization, 
but now you want to do something in the method conditionally, 
based on wheher the user is in a particular role. 


How it works: 

① Before isUserlnRole() is called, the user needs to be 
authenticated. If the method is called on a user that 
has not been authenticated, the Container will always 
return false. 

② The Container takes the isllserlnRole() argument, in 
this example “Manager”，and compares it to the roles 
defined for the user in this request. 

@ If the user is mapped to this role, the Container 
returns true. 


I just got this servlet from 
Stan in accounting and he's hard¬ 
coded roles that we don’t even have. 
(What the %$<&# is a super Customer?) 
No way am I gonna redefine all the 
roles in my container just so I can 
use Stan*s stupid servlet... 



How do you match up roles in 
the DD with roles in a servlet? 


: We do, however, know of this 
really nice EJB book... 
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The declarative side of programmatic security 


There’s a good chance that when a programmer 
hard-codes security role names in a servlet (to use as 
the argument to isUserInRole())，the programmer was 
just making up a fake name. He either didn’t know the 
real role names, or he’s writing a reusable component 
that’ll be used by more than one company, and those 
companies aren’t likely to have the exact role names 
the programmer used. (Of course, if the programmer 
really wants to build reusable components, hard-coding 
a role name is a Terrible Idea, but we’ll suspend 
disbelief for now.) 

It turns out that the Deployment Descriptor has a 
mechanism for mapping hard-coded (which means 


made-up) role names in a servlet to the “official” 
<security-role> declarations in your Container. 
Imagine, for example, that the programmer used 
“Manager” as the isUserInRole() argument, but your 
company uses “Admin” as the <security-role>, and 
you don’t even have a “Manager” security role. So 
even if you can’t stop a programmer from hard- 
coding a role name, you at least have a work-around 
when the hard-coded roles don’t match your real role 
names. Because even if you do have the servlet source 
code, do you really want to change, recompile, and 
retest your code just to change every instance of 
“Manager” to “Admin ”？ 


In the servlet 

if ( request • isUserlnRole (''Manager") ) { 

// do the UpdateRecipe page 


else { 

// do the ViewRecipe page 


In the DD 

<web-app...> 



<servlet> 

-role-ref> 

nager</ role-name> 
<role-link>Ad iin</ role-link> 

</security-rol' -ref> 

</servlet> 






<security-role ： 

< r o 1 e - name >Admin< / role-name> 
</security-role> 

</web-app> 


r a “ re al” <security-role> name- 

When the Container hits as^e^n^en the 

matching <security-role-ref>_lfit find <s n jt /e> name . Think about it— 
hard-coded name really ㈣ 二 y0U r company, but it might 

you might really HAVE a a ^ ^ n tthan what the programmer intended. So 
mean something completely d f e f 二 ^u anaqe Ao ^Admin", and then map 

:二 r 

when both include the same <role-name>. 


TV , e 仪崎# >广七 

Jed) vole .a-es ^ d 广七 

dements. 
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cf^^rpen your pencil 


Assume all security constraints below have the 
same <url-pattern> and <http-method> elements. 
Based on the combinations shown, decide who 
can directly access the constrained resource. 


Nobody 


Guest 


Member Admin Everyone 


< security-cons traint> 

<auth-constraint> 

<role-name>Guest</role-name> 

</auth-constraint> 

</security-constraint 〉 






< se cur ity-cons traint> 

<auth-constraint/> 

</security-constraint 〉 






/"V <security-constraint> 

© … 

<auth-constraint 〉 

<role-name>Admin</role-name> 

</auth-constraint> 

</security-constraint 〉 

<security-constraint> 

<auth-constraint 〉 

<role-name>Guest</role-name> 

</auth-constraint> 

</security-constraint 〉 






< s ecur ity-cons traint> 

<auth-constraint 〉 

<role-name>Guest</role-name> 

</auth-constraint> 

</security-constraint 〉 

< security-constraint> 

<auth-constraint 〉 

<role-name>*</role-name> 

</auth-constraint> 

</ security-constraint 〉 






< s ecur ity-cons traint> 

<auth-constraints 

<role-name>Member</role-name> 

</auth-constraint> 

</ security-constraint 〉 

< security-constraint^. Assume that NO <3Uth- 

/ / •. • .如 , .^ constraint〉is defined 

</ security-cons tramt> 






< s ecur ity-cons traint> 

<auth-constraint 〉 

<role-name>Member</role-name> 

</auth-constraint> 

</ security-constraint 〉 

< security-constraint> 

<auth—constraint /〉 

</ security-constraint 〉 
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OK, so I know all about 
authorization, but I still 
don't know how authentication 
happens, or exactly what I have 
to do to make the Container ask 
for a name and password... 



Authcwticatiow revisited 

For a J2EE Container, authentication comes down to this: ask 
for a user name and password, then verify that they match. 

The first time an un-authenticated user asks for a 
constrained resource, the Container will automatically 
start the authentication process. There are four types of 
authentication the Container can provide, and the main 
difference between them is, “How securely is the name and 
password info transmitted?” 

The FOUR authentication types 

BASIC authentication transmits the login information in 
an encoded (not encrypted) form. That might sound secure, but 
you probably already know that since the encoding scheme 
(base64) is really well known, BASIC provides very weak 
security. 

DIGEST authentication transmits the login information in a 
more secure way, but because the encryption mechanism isn’t 
widely used, J2EE containers aren’t required to support it. For 
more info on DIGEST authentication, check out the IETF 
RFC 2617 (www.ietf.org/rfc/rfc2617.txt). 


CLIENT-CERT authentication transmits the login 
information in an extremely secure form, using Public Key 
Certificates (PKG). The downside to this mechanism is that 
your clients need to have a certificate before they can login to 
your system. It’s fairly rare for consumers to have a certificate, 
so CLIENT-CERT authentication is used mainly in business to 
business scenarios. 


The three types above — BASIC, DIGEST, and GLIEN-GERT 
all use the browser’s standard pop-up form for inputting the 
name and password. But the fourth type, FORM, is different. 

FORM authentication lets you create your own custom login 
form out of anything that’s legal HTML. But... of all four 
types, the form-based info is transmitted in the least secure 
way. The username and password are sent back in the HTTP 
request, with no encryption. 
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Implementing Authentication 

This is the simple part — simply declare the authentication 
scheme in the DD. The main DD element for 
authentication is <login-con£ig>. 


Four <login-config> examples: 

<web-app...> 

<login-config> 

<auth-method>BASIC</ auth-method> 
</login-config> 

</web-app> 

一 or 一 



AS|C »skas^ 


<web-app...> 


<login-config> 

<auth-method>DIGEST</ auth-method> 



|-f youv- torvta’mev sufpo\rb i*t 

will handle ALL -the details. 


</login-config> 

</web-app> 


or 


<web-app...> 

<login-config> 

<auth-method>CLIENT-CERT</auth-method> ^ 1 ^ 

</login-config> 

</web-app> 


CLIBHT is easy but youir 

乙 lights rhus-t have dc\rti-pidatcs. H does aive 

youEXTRA-STRE^Tttp^tio,/ 


— or — 

<web-app...> 

<login-config> 方 FOR/1/I is the most Complicated 

<auth-method>FORM</auth-method> 美 *to y/dl look at rt m 

<form-login-config> detail iht 

<form-login-page>/loginPage.html</form-login-page> 

<form-error-page>/loginError.html</form-error-page> 

</form-login-config> 

</login-config> 

</web-app> 


Except fop FORM, once you’ve declared 
Ae <login-config> element in Ae DD, 
implementing A«Aentication is done! 
(Assuming you’ve already configured username/ 
password/role info into your server.) 
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Form-Pascd Authcwticatiow 


Although there’s more to implementing it than with the other forms of authentication, 
FORM-based isn’t that bad. First, you create your own custom HTML form for the user login 
(although this can certainly be generated by a JSP). Then you create a custom HTML error 
page for the Container to use when the user makes a login error. Finally, you tie the two 
forms together in the DD, using the <login-config> element. Note: if you’re using Form-based 
authentication, be sure to turn on SSL or session tracking, or your Container might not 
recognize the login form when it’s returned! 


What YOU do: 

① Declare <login-config> in the DD 
® Create an HTML login form 
© Create an HTML error form 


① 


In the DD... 


f ntries «ie 

Sr to c ° 9ln f ° rm are the 

/ith^ municatin 9 

oth the container: 
—security— C h eck 
.username 
-Password 


② 


< login-config> 

<auth-method>FORM</auth-method> 

< form-login-config> 

<form-login-pagg^i 錢 oginPage•html</form-login-page> 
<form-error-page>/loginError.html</form-error-page> 
</f orm-login-config> 

</login-config> 



Inside the loginPage.ht 

Please login daddy-o 

<form method="POST" action="j_security_check"> 

<input type="text" name=Username ,, > 

〈input type=’’passwo 禪 " name="j_password"> 

<input type= 〃 submit 〃 value= 〃 Enter〃> 

</f orm> K 





TKc Co\r\*b3mcv v^c^uiv'cs 七七 
七 HTTP \rc<\ucs*b will s-tov-c 

uscv 於 ame m: 


(§) Inside the loginError.html 


<htmlxbody> 

Sorry dude, wrong password 
</body></html> 


丁 he dohtaihCV \rc^ui\rcs that the 
杆丁丁 P V"C^ucst will s-fcovc the 
passwoird ih: j^passwov-d 


Don’t 

relax! 


You need to know everything 
on this page for the exam! 
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Summary of Authcwticatiow types 

This table summarizes key attributes of the four authentication types. 
“Spec” refers to whether this type of authentication mechanism is 
defined in the HTTP spec or the J2EE spec. (Hint: you’ll need to 
remember this table when you take the exam.) 


Type 

Spec 

Data Integrity 

Comments 

BASIC 

HTTP 

Base64 - weak 

HTTP standard, all browsers support it 

DIGEST 

HTTP 

Stronger - but not SSL 

Optional for HTTP and J2EE containers 

FORM 

J2EE 

Very weak, no encryption 

Allows a custom login screen 

CLIENT- 

J2EE 

Strong - public key, (PKC) 

Strong, but users must have certificates 


CERT 


_tJiereiqrejio 

Dumb Questions 

o ： 

What does data integrity 
have to do with Authentication? 


A ： 

When you’re authenticating a 
user, she’s sending you her username 
and password. Data integrity and 
confidentiality refers to the degree 
to which an eavesdropper can steal 
or tamper with this information. In 
a moment, we’ll talk about how 
to implement data integrity and 
confidentiality during login. 

Data integrity means that the data 
that arrives is the same as the data 
that was sent. In other words, nobody 
tampered with it along the way. Data 
confidentiality means that nobody 
else can see the data along the way. 
Most of the time, though, we treat 
data integrity and confidentiality as a 
single goal — things you do to protect 
data during transmission. 


iarpen your pencil 


Fill-in the missing pieces for this FORM-based 
authentication app. This is just to help you memorize the 
authentication-related pieces of the DD and the HTML form. 
(The answers are on the previous page.) 


DD 


<login-config> 

<auth-method> 


</auth-method> 


< form-login-config> 
< 


>/loginPage.html</ 


> 


<form-error-page>/loginError.html</form-error-page> 
</f orm-login-config> 

</login-config> 

HTML _ 


Please login daddy-o 
<form method= 〃 POST 〃 action: 


<input type: 

<input type: 

<input type: 
</form> 


’text" name: 


> 


> 


'password" name="j_password’’> 
r submit 〃 value= 〃 Enter"> 
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Form-based authentication doesn’t 
have any protection for the data. But I 
don’t want to use the ugly browser login 
window that the other three authentication 
types use. Oh if only there were a way to 
use my own custom login form, but still 
protect the username and password 
when they re sent back... 



She doesn't know about J2EE's 
"protected transport layer cowwcctiow" 

Don’t Panic. You can have your custom login cake and secure it too. 
Login data is still data, so you can secure it in the same way you’d want 
to protect an online shopper’s credit card number — using your J2EE- 
compliant Container’s data integrity and confidentiality features. 
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Securing data m transit: HTTPS to the rescue 

When you tell a J2EE Container that you want to implement data 
confidentiality and/or integrity, the J2EE spec guarantees that the data to be 
transmitted will travel over a “protected transport layer connection”. In 

other words, Containers are not required to use any specific protocol to handle 
secure transmissions, but in practice they nearly all use HTTPS over SSL. 


HTTP request 一 not secured 

HTTP over TCP 



POST /CheckOut.jsp 
... [request headers] 

creditCardNum = 5551212343&expD 
ate = 0505 



web server ) 




container 


POST /advisor/SelectBeerTaste.do HTTP/1.1 
... [request headers here] 

creditCardNum = 5551212343&expDate=0505 


The Bad Eavesdropper gets a 
copy of the HTTP request that 
contains the client’s credit card 
info. The data isn’t protected, so 
it comes over in the body of the 
POST in a nice readable form. 
The Eavesdropper is happy. 


A secured HTTPS over SSL request 



HTTPS over SSL over TCP 


POST /CheckOut.jsp 

e7x33f- 

g7gwXll sdf@11 
f666d41dd f666d41dd 



container 


The Bad Eavesdropper gets a copy 
of the HTTP request that contains 
the client’s credit card info. 

But because it was sent with 
extra-strength HTTPS over SSL, he 
CANNOT read the information !! 
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■ 贫 ^^rpen your pencil 


Do you need for every request and 
response to be secure? If not, which 
parts of your app need protected 
transmissions? 


Do NOT tell me that if I 
0\ choose to use data protection 
it encrypts EVERY request 
( and response in my app. 

! 


Think about what’s been covered in this chapter. If your web application is 
going to be fast, efficient and secure, you’ve got some questions to answer … 
(there are no answers for this one; it’s for you to figure out). 


What do you think data confidentiality 
means? 


What do you think data integrity means? 


If you could apply transmission security 
measures to only some requests and 
responses, how would you want to tell the 
Container which requests and responses? 


Can you think of any other DD elements 
that work on the same level of granularity 
that you want for declaring protected 
transmissions? 
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confidentiality and integrity 


How to implement data cowfidewtiality and 
mtcgrity sparingly awd dgclarativcly 

Once again, we turn to the DD. In fact, we’ll use our old friend 〈 security- 
constraint 〉 for both confidentiality and integrity by adding an element called 
<user-data-constraint> . And when you think about it, it makes sense — if you’re 
thinking about authorization for a resource, you’re probably going to consider 
whether you want the data transmitted securely. 

<web-app...> 

<security-constraint> 


<web-resource-collection 〉 

<web-resource-name>Recipes</web-resource-name> 

<url-patter n>/Beer/UpdateRecipes/*</url-pattern> 
<http-method>POST</http-method> 

</web-resource-collection 〉 


<auth-constraint> 

<role-name>Member</ role-name> 
</auth-constraint> 



T W “❹ U 地 ㈣ : 广 

匕 


<user-data-constraint> 

<transport-guarantee>CONFIDENTIAL</transport-guarantee> 
</user-data-constraint> 


</security-constraint> 

</web-app> 


Put these three sub-elements 
together to read: 

Only Members can make POST 
requests to resources found in 
the UpdateRecipes directory, 
and make sure the transmission 
is secure. 


Legal values for <transport-guarantee> 


NONE 

This is the default, and it means there’s no data protection. 

INTEGRAL 

The data must not be changed along the way. 

CONFIDENTIAL 

The data must not be seen by anybody along the way. 


x/oull ?v-obaW7 

，― 公一：二 t> 

bo V^avc a 破 - datam 
• ( jf 7 ouVe 匕？代七 “ 七 


NOTE: although not guaranteed by the spec, in practice virtually every 
Container uses SSL for guaranteed transport, which means that both 
INTEGRAL and CONFIDENTIAL do the same thing—either one gives you 
both confidentiality and integrity. Since you can have only one <user-data- 
constraint> per 〈 security-constraint〉, some people recommend you use 
CONFIDENTIAL, but again, it will probably never matter in practice, unless 
you move to a new (and unusual) Container that doesn’t use SSL 
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web app security 


Wait... how do you guarantee 
that the request data is 
confidential? The Container doesn't 
even know ifs supposed to protect the 
transmission until AFTER the client 
makes the request... 



Protecting the request data 

Remember that in the DD, the <security-constraint> is 
about what happens after the request. In other words, 
the client has already made the request when the 
Container starts looking at the 〈 security-constraint 〉 
elements to decide how to respond. The request data has 
already been sent over the wire. How can you possibly 
remind the browser that, “Oh, by the way... if the user 
happens to request this resource, switch to secure 
sockets (SSL) before sending the request.” 


What can you do? 


You already know how to force the client to get a 
login screen — by defining a constrained resource in 
the DD, the Container will automatically trigger the 
authentication process when an unauthenticated user 
makes the request. 


So now we have to figure out how to protect the data 
coming in from a request... even (and sometimes 
especially) when the client has not yet logged in. 


We might want to protect their login data! 
Turn the page to see how it all works... 
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without <transport-guarantee> 


Unauthorized client requests a constrained resource 
that has NO transport guarantee 


① 


Client requests /BuyStuff.jsp, 
which has been configured in the 
DD with a 〈 security-constraint〉. 



HTTP over TCP 


POST /BuyStuff.jsp 


The Container checks the 〈 security- 
constraint> and finds that /BuyStuff is 
a constrained resource... which means 
the user MUST be authenticated.The 
Container finds that there is NO transport 
guarantee for this request. 


i<user-data-constraint> 
<transport-guarantee> 

NONE 

</transport-guarantee 〉 
</user-data-constraint> 




<secur 

4y r\ 

<url-p 

Ittern> 

/BuySt 

[iff 

</urli 

pattern 〉 

<httcf 

method 〉 

POS 7 

0mg^!od> 


web.xml 


container 


is dc-faul*t) so 
i*t is y/ha*t you e 鄕 
i-f you do HOT spcdi-fy 
d DD -fo\r 

<*t\ra^spo\rt-5uav-a^*tcc> 


② 


The Container sends a 401 response to 
the client, that tells the browser to get login 



information from the user. 


401 Unauthorized 
WWW-Authenticate ： 
Basic realm = ,, user H 



container 


⑤ 


The browser makes the same request again, 
but this time with the user’s login information in 
the header. 



POST /BuyStuff.jsp 
Authorization ： 

Basic ： x5w3..= 


container 


Yokes’ The dicirrt’s lo^'m v/ds 

HOT seirrt securely- The uscv-^a^c 

d^dl pdssy/ord v/c\rc 灼 at p\ro*tc^*tcd | 


④ 



The Container authenticates the client (checks that username and password 
match the user data configured in the server). Then the Container authorizes 
the request to make sure that this user is in a role that’s allowed to get the 
constrained resource. Everything checks out, so the response is sent. 


<html> 

Enter Credit Card # 

input type=text name=ccNum> 

/html> 


container 
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web app security 


Unauthorized client requests a constrained resource 
that has a CONFIDENTIALITY transport guarantee 


① 


Client requests /BuyStuff.jsp, a 
constrained resource that also 
has a transport guarantee. 



HTTP over TCP 

POST /BuyStuff.jsp HTTP 


The Container sees that this 
constrained resource has a transport 
guarantee. The Container sees that the 
request did NOT come in securely... 


: user-data-constraint 〉 
<transport-guarantee> 

CONFIDENTIAL 

</transport-guarantee 〉 
</user-data-constraint 〉 



<secur 


<url-p 

Ittern> 

/BuySt 

[iff 

</urli 

pattern 〉 


method> 

POS 7 





DD 


container 


② 



The Container sends a 301 response to the client, that 
tells the browser to redirect the request using a secure 
transport. 



301 Redirect 
LocQtion ： HTTPS：//... 

^^ - 




container 


砂枷 t；r 

工一七 a :: dT _ 


The browser makes the same resource request 
again, but this time, over a secure connection. 
In other words, the resource stays the same, 
but the protocol is now HTTPS. 



POST /BuyStuff.jsp HTTPS 



container 


④ 


Now the Container sees that the resource is 
constrained, and that this user has not authenticated. 
So now ihe Container starts the authentication 
process by sending a “401” to the browser … 



401 Unauthorized 
WWW-Authenticate ： 
Basic realm - 'user" 


container 


The browser makes the same request again, (yes, for the THIRD 
time) but this time the request has the user’s login data in the 
header AND the request comes over using a secure connection. 
So this time the client’s login data is transmitted securely! 



POST /BuyStuff.jsp 
Authorization ： 

Basic ： x5w3..= 




container 


m, Co^tamc 

w 二 ''⑺紕 
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protecting login data 


To maKe sure the user ? 

tS couid trigger the .ogin process! 

Remember, when youYe as/ng dec/a^ process by 

a direct request for the log.n. The client ， 

requesting a constrained msourve S ◦义 connec t\on, you need to put a 〈 transport- 

二 : 2 TeVERY constrained resource that could trigger the login form on the 
cijent! 

That way, the Container will g et the :: 

tellings browser to ===== 鄕 ㈣ connection, T h en 

二：二 口二一—一 s 

THIRD request over a secure connection. 


^there^eop 0 

Dumb Questions 


o ： 

I don’t understand why the Container 
sends back a REDIRECT (301) to the client 
when the request comes in without a secure 
connection. Doesn’t it just redirect back to 
the same original request? 


A ! 

Normally you think of a redirect as 
meaning "Hey browser, go to a different URL 
instead.’’The redirect is invisible to the client, 
remember; the client’s browser automatically 
makes the new request on the URL specified in 
the redirect (301) header that comes from the 
server. 

But with transport security, it's a little different. 
Instead of telling the client browser, "Redirect 
to a different resource”，the Container says, "Re- 
direct to the same resource, but with a different 
protocol — use HTTPS instead of HTTP." 


So, is HTTPS over SSL just built-in to 
the Container somehow? 


A I 

It’s not guaranteed by the spec, but it’s 
extremely likely that your Container is using 
HTTPS over SSL (secure sockets). Si/f i’f won’f 
necessarily be automatic! You probably have 
to configure SSL in your Container, and more 
importantly — you need a certificate! 

You’ll have to check your Container’s docu¬ 
mentation, but chances are, your Container 
can generate a certificate that you can use for 
testing, but for production, you’ll need to get a 
Public Key certification from an "official" source 
such as VeriSign. 

(Certificates and security protocols like HTTPS 
and SSL are way outside the scope of the exam, 
by the way. You’re expected to know only what 
you have to do in the DD, and why. You’re not 
expected to be the sys-admin and network 
security master.) 
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web app security 


e^^rpen your pencil 

Configure the security aspects of a web application by filling in the three 
blocks in the DD. The web application must have the following behavior: 

You want anyone to be able to do a GET on the resources within the 
Beer/UpdateRecipes directory (including any subdirectories), but you want 
ONLY those with the security role of “Admin” to be able to do a POST on 
resources within that directory. Also, you want the data to be protected so 
that nobody can eavesdrop. 

<web-app...> 


〈 security-constraint 〉 



</web-app> 
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seci/Wfy exercise 


ir^^rpen your pencil 


Fill out the following table by writing in the relevant DD 
elements. You'll see the answers when you turn the page 
(and don’t even LOOK at the opposite page!). 


Security goal What you’d put in the DD 

You want the Container to do BASIC 
authentication automatically. 


You want to use your own custom form 
page, named “loginPage.html” (and 
deployed directly at the root of the web 
app), and you want “loginError.html”to 
be displayed if the client cannot be 
authenticated. 


You want to constrain everything with a “.do” 
extension so that all clients can do a GET, 
but only Members can do a POST. 

(You do NOT need to include the DD 
elements needed to configure login 
information.) 


You want to constrain everything within the 
foo/ibar directory so that only those with 
a security role of Admin can invoke ANY 

HTTP methods on those resources. 

(You do NOT need to include the DD 
elements needed to configure login 
information.) 
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web app security 


貧 ^^rpen your pencil 


You want everyone to be able to do a GET on the resources within the 
Beer/UpdateRecipes directory (including any subdirectories), but you want 
ONLY those with the security role of “Admin” to be able to do a POST on 
resources within that directory. Also, you want the data to be protected so 
that nobody can eavesdrop. 


<web-app...> 


<security-constraint 〉 


<web-resource-collection> 

<web-resource-name>Recipes</web-resource-name> 
<url-pattern>/Beer/UpdateRecipes/*</url-pattern> 
<http-method>POST</http-method> 
</web-resource-collection> 


一 ds 
“d 4 a 0 . 


<auth-constraint> 


<role-name>Admin</role-name> 


</auth-constraint> 


WBRYOHB would be able io do a PO£T 

lutiZ 7 ayys ° hly Ad " ih 


<user-data-constraint> 

<transport-guarantee>CONFIDENTIAL</transport-guarantee> 


</user-data-constraint> 


</security-constraint 〉 


</web-app> 


/ou dou d have said WTE ⑽ L kJa.d 
a ||y || C o,ia^ Sj you^d sh\\ get 

J 。 十 e 十吟 bemuse Co^i^s use SS, 
广巧⑽ tvahspoirt guairah-tcc ^althouah 

that S hot guawteed by the 
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security exercise answers 


貧老 rpen your pencil 


ANSWERS 


Security goal What you’d put in the DD 


You want the Container to do BASIC 
authentication automatically. 

<web-app ... > 

<login-config> 

<auth-method>BASIC</ auth-method> 

</login-config> 

</web-app> 

You want to use your own custom form 
page, named “loginPage.html” (and 
deployed directly at the root of the web 
app), and you want “loginError.html” to 
be displayed if the client cannot be 
authenticated. 

<web-app ... > 

<login-config> 

<auth-method>FORM</ auth-method> 

< form-login-config> 

<form-login-page>/loginPage . html</form-login-page> 

<form-error-page>/loginError . html</form-error-page> 
</f orm-login-config> 

</login-config> 

</web-app> 

You want to constrain everything with a “.do” 
extension so that all clients can do a GET, 
but only Members can do a POST. 

You 七…。七 a 

terns 七 \ramcd vcsouvtc WKU 

? aUc ? lus HTTP Mc-tW), 

孙 d 从 c 

从 at w attess i\\t 

4 七七 卜 ctW> 

<web-app ... > 

<security-constraint> 

<web-resource-collection 〉 

<web-resource-name>CoolThings</web-resource-name> 
<url-pattern>* . do</url-pattern> 〆 
<http-method>POST</http-method> \\ 

</web-resource-collection> \ 

Wic used 七 

<auth-constraint 〉 WRL 

<role-name>Member</role-name> pattevn 七 ha 七 3!w3Y s 

</auth-constraint> s*t3V"ts 3^ 

加 Wisk (氺) . 

</security-constraint> d ° 

</web-app> 

You want to constrain everything within the 
foo/bar directory so that only those with a 
security role of Admin can invoke any HTTP 
methods on those resources. 

<web-app ... > 

<security-constraint> 

<web-resource-collection 〉 

<web-resource-name>Stuff</web-resource-name> 

<url-patter n>/foo/bar/*</ url-pattern> 

</web-resource-collection> n , aa .,, 

\ lA/c \t^i oW dU? - 

<auth-constraint> wC*b^od> so 

<role-name>Admin</role-name> HTTP Mexico s 

</auth-constraint> a\rC *to DC 

</security-constraint> 3 £.£>CSSil>le *to *t^0SC 

</web-app> AdUm vole- 
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ANSWERS 


Nobody Guest Member Admin Everyone 


< security-cons traint> 

<auth-constraint 〉 

<role-name>Guest</role-name> 

</auth-constraint> 

</security-constraint 〉 


X 




< se cur ity-cons traint> 

<auth-constraint/> 

</security-constraint 〉 

X 





<security-constraint> 

<auth-constraint 〉 

<role-name>Admin</role-name> 

</auth-constraint> 

</security-constraint 〉 

<security-constraint> 

<auth-constraint 〉 

<role-name>Guest</role-name> 

</auth-constraint> 

</security-constraint 〉 


X 


X 


< s ecur ity-cons traint> 

<auth-constraint> 

<role-name>Guest</role-name> 

</ auth-constriant> 

</security-constraint 〉 

<security-constraint> 

<auth-constraints 

<role-name>*</role-name> 

</ auth-constraint> 

</security-constraint 〉 





X 

<security-constraint> 

<auth-constraint> 

<role-name>Member</role-name> 

</ auth-constraint> 

</security-constraint 〉 

〈 security-constraint 〉 Assume that NO 

... 之 - ^ <auth-constraint> is 

</s ecur ity-cons traint> defined 





X 

< s ecur ity-cons traint> 

<auth-constraint 〉 

<role-name>Member</role-name> 

</ auth-constraint> 

</security-constraint 〉 

<security-constraint> 

<auth-constraint/> 

</security-constraint 〉 

X 
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mock exam 




Sxom QAopt&zi2 


Which security mechanisms always operate independently of the transport 
layer? (Choose all that apply.) 

Q A. authorization 

Q B. data integrity 

Q G. authentication 

Q D. confidentiality 



Given a deployment descriptor with three valid 〈 security-constraint 〉 
elements, all constraining web resource A, whose respective 

<auth-constraint 〉 sub-elements are: 


<auth-cons traint> 

<role-name>Bob</role-name> 

</auth-cons traint> 
<auth-constraint/> 

<auth-cons traint> 

<role-name>Alice</role-name> 
</auth-cons traint> 


Who can access resource A? 

□ 

A. 

no one 

□ 

B. 

anyone 

□ 

G. 

only Bob 

□ 

D. 

only Alice 

□ 

E. 

only Bob and Alice 

□ 

F. 

anyone but Bob or Alice 


694 


chapter 12 




web app security 


Which activities would be addressed via a J2EE 1.4 container’s data integrity 

mechanism? (Choose all that apply.) 

Q A. Verifying that a specific user is allowed access to a specific HTML page. 

Q B. Ensuring that an eavesdropper can’t read an HTTP message being sent 
from the client to the container. 

Q G. Verifying that a client making a request for a constrained JSP has the 
proper role credentials to access the JSP. 

Q D. Ensuring that a hacker can’t alter the contents of an HTTP message 
while it is in transit from the container to a client. 


Which are required fields in the login form when using Form Based 
Authentication? (Choose all that apply.) 


□ 

A. 

pw 

□ 

B. 

id 

□ 

G. 


□ 

D. 

j 一 id 

□ 

E. 

password 

□ 

F. 

jj>as sword 


Which authentication types require a specific type of HTML action? (Choose 
all that apply.) 

口 A. HTTP Basic Authentication 
Q B. Form Based Authentication 
口 G. HTTP Digest Authentication 
Q D. HTTPS Client Authentication 
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mock exam 



Which security mechanisms can be implemented by using a method in the 
HttpServletRequest interface? (Choose all that apply.) 


Q A. authorization 
Q B. data integrity 
Q G. authentication 
Q D. confidentiality 


Which HttpServletRequest method is most closely associated with the use 

^ of the <security-role-ref> element? 

Q A. getHeader 
Q B. getCookies 
口 G. isUserlnRole 
Q D. getUserPrincipal 
Q E. isRequestedSessionIDValid 



Which deployment descriptor elements can contain a 〈 transport-guarantee 〉 
sub-element? (Choose all that apply.) 

口 A. <auth-constraint 〉 

Q B. <security-role-ref> 

□ C. <form-login-config> 

Q D. <user-data-constraint 〉 



Which authentication mechanism is recommended to be used only if cookies or 
SSL session tracking is in place? 


口 A. HTTP Basic Authentication 
Q B. Form Based Authentication 
口 G. HTTP Digest Authentication 
Q D. HTTPS Client Authentication 
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web app security 



c 办尹尹疙在 




security mechanisms always operate independently of the transport 
(Choose all that apply.) 


(soviet s ? et ： 6V.a ? 


li) 


authorization 
data integrity 
authentication 
confidentiality 


A is do\r\rCdt Au*tho\riz^*tio^ operates 

domPlc*tcly wrthm "the oi\Ct 

authc^-tida-tioh has ou^td^ ^ 

the -tva^sPov-t laycv- based OY\ how tnc 

<au*th - wthod> element is set- 




Given a deployment descriptor with three valid <security-constraint> 
elements, all constraining web resource A, whose respective 

<auth — constraint 〉 sub-elements are: 




<auth-cons traint> 

<role-name>Bob</role-name> 

</auth-constraint 〉 
<auth-constraint/> 

<auth-constraint> 

<role-name>Alice</role-name> 
</auth-constraint 〉 


Who can access resource A? 

A. no one 
Q B. anyone 
Q C. only Bob 

□ D. only Alice 

Q E. only Bob and Alice 

□ E anyone but Bob or Alice 


-Oftioh A is The o-P ar\ 

<auth-do^s-t\ra'm*b> t\t^i ovc^ridfs 

all otnCV" <3 u*th—elements that 

v-c-fcv- *bo resource, pv-c^ludmj BtCtss. 


ich r ?AB.d D. 

I lErn □ □ 
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(Scwlct 


-O^hov\ 3 dcsdv-ibcs 
do^-fidc^-biality. 


Which activities would be addressed via a J2EE 1.4 container’s data integrity 

mechanism? (Choose all that apply.) 

Q A. Verifying that a specific user is allowed access to a specific HTML page. 

Q B. Ensuring that an eavesdropper can’t read an HTTP message being sent 
from the client to the container. 

口 G. Verifying that a client making a request for a constrained JSP has the 
proper role credentials to access the JSP. 

D. Ensuring that a hacker can’t alter the contents of an HTTP message 

while it is in transit from the container to a client. —Option P is dov-v-cd*b- This 

y/ould tyPidallY be addomplished 
-bhv-oujK xhc use o-f HTTPS. 


I2J) 


Which are required fields in the login form when using Form Based 
Authentication? (Choose all that apply.) 


(Soviet sped., im) 


□ 

A. 

pw 

□ 

B. 

id 

□ 

G. 

j_pw 

□ 

D. 

j—id 

□ 

E. 

password 


F. 

j 一 password 


-Option F is the user’s fassy/ord be 

stoved a -field called j^fassy/ord. k addition, the 
user's must be stoved m \ uscv-^amc. 


Which authentication types require a specific type of HTML action? (Choose 
all that apply.) 

Q A. HTTP Basic Authentication 


(soviet sy^., 


B. Form Based Authentication 
口 G. HTTP Digest Authentication 
Q D. HTTPS Client Authentication 


-Option B is Corrttb Fov -fov-m based 
auUc^tida-tio^ bo work, -the ok the 

\ooj\Ys jro\rm must be 
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Which security mechanisms can be implemented by using a method in the 
HttpServletRequest interface? (Choose all that apply.) 


(Soviet ^ 



authorization 
data integrity 
authentication 
confidentiality 


-Option A is dovredt. The isUscvURolc meihod 

be used p\ro^\rama*ti^ally ； *to help dctcvm'mc >whc*thc\r 
dlic^ts vole is au*tho\rizjcdl *to addess a givch \rcsouvdc 


a 


--Opiioirj C IS do\r\rcd*t. The mcihod dah 

be US— help deWme Whether a 

^licht has bcch authchtidatcd. 


^ Which HttpServletRequest method is most closely associated with the use 

/ of the <security-role-ref> element? 


(S 伏 M 科，⑽ 


□ A. 

□ B. 
^ G. 


getHeader 

getCookies 

isUserlnRole 


Q D. getUserPrincipal 
Q E. isRequestedSessionIDValid 


Moys C *.s corrtcl The <scduntv--rolc^> 

*s used bo map 十心 rd6:ded 广 a,"l 含 

roles AtcWtA *rn tKc dcyloymc^ The 

•.sUscrkRolc rnclhod *.s used m a scv-vlct to test the 

do^tc^-ts cseWrb/ - role - 代 +> demits.. 



Which deployment descriptor elements can contain a 〈 transport-guarantee 〉 
sub-element? (Choose all that apply.) 


(Soviet ^ ^ 


□ A. 

□ B. 

□ G. 
^ D. 


<auth-cons traint> 
<security-role-ref> 

< f orm- login-config> 
<user-data-constraint 〉 


-Option V is toYYtt^ A <*tv-a^spo\rt-5uav-ah*bcc> dcmc^*t is used 

y/itkm a <usc\r-da*ta-doy^s*t\ra*m*t> element *to spcdi-Py >/hc*thc\r a 
web vcsouvdc dollcdtioh should be *tv-3^sw\i*t*tccl usmj d 
sudh ds SSL. 



Which authentication mechanism is recommended to be used only if cookies or 
SSL session tracking is in place? 


igtM ^ 1 说 .1) 


□ A. 
^ B. 


HTTP Basic Authentication 
Form Based Authentication 


口 G. HTTP Digest Authentication 
Q D. HTTPS Client Authentication 


scp av-atc session tv-adk*.^ mcdha^sm *.s ⑽ omm ⑶ ded. 
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13 filters and wr^pers 


The Power of Filters 



Filters let you intercept the request. And if you can intercept the 
request, you can also control the response. And best of all, the servlet remains 
clueless. It never knows that someone stepped in between the client request 
and the Container’s invocation of the servlet’s service() method. What does that 
mean to you? More vacations. Because the time you would have spent rewriting 
just one of your servlets can be spent instead writing and configuring a filter that 
has the ability to affect all of your servlets. Want to add user request tracking to 
every servlet in your app? No problem. Want to manipulate the output from every 
servlet in your app? No problem. And you don’t even have to touch the servlet 
code. Filters may be the most powerful web app development tool you have. 


this is a new chapter 
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official Sun exam objectives 


Filters 

3.3 

11.1 

11.2 




Coverage Notes: 


Describe the Web Container request processing This objective is covered completely in this 

model; write and configure a filter; create a chapter. 

request or response wrapper; and given a design 
problem, describe how to apply a filter or wrapper. 


Given a scenario description with a list of issues, 
select a pattern that would solve the issues. The 
list of patterns you must know are: Intercepting 
Filter, Model-View-Controller, Front Controller, 
Service Locator, Business Delegate, and Transfer 
Object 


Match design patterns with statements describing 
potential benefits that accrue from the use of 
the pattern, for any of the following patterns: 
Intercepting Filter, Model-View-Controller, 
Service Locator, Business Delegate, and Transfer 
Object 


Filters, which are covered in this chapter, are 
an example of (imagine this) the Intercepting 
Filter pattern. We don’t cover pattern-specific 
info until the Patterns chapter, but it’s in THIS 
chapter where you actually see a design that 
demonstrates the Intercepting Filter pattern. 
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Enhancmg the gyitirg web application 

Sometimes you need to enhance your system in ways that span many 
different use cases or requests. For example, you might want to keep track 
of your system’s response times, across all of its different user interactions. 


I got good news and bad 
news today. The good news is 
that the new ''Add your favorite recipe" 
feature on the Beer site is very popular! 
The bad news is that the boss wants us 
to keep track of all the users who 
access these servlets... 



I sure don’t want 
to go modify a bunch of 
working servlets, especially when 
I know that as soon as I odd user 
tracking, the boss will tell me 
to take it out again... 
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request and response filters 


How about some kind of "filter"? 

Filters are Java components — very similar to servlets — that you can use 
to intercept and process requests before they are sent to the servlet, or to 
process responses after the servlet has completed, but before the response 
goes back to the client. 

The Container decides when to invoke your filters based on declarations 
in the DD. In the DD, the deployer maps which filters will be called for 
which request URL patterns. So it’s the deployer, not the programmer, 
who decides which subset of requests or responses should be processed by 
which filters. 




^ ^ orhih 9 -the 
•1^ ahd bcihg passed 
to the sc\rvlci. 



iu-\ 111 rrV^ 

Client 





Filter 


Fun teigs to do with Filters 


hOWlcd ^ of f il ic 


\rs. 


Request filters can: 

►perform security checks 
^reformat request headers or bodies 
>audit or log requests 

Response filters can: 

♦compress the response stream 
^append or alter the response stream 
♦create a different response altogether 


There is only ONE 
filter interface, 

Filter. 

ere ，s no such thing as a RequestFilter 
ResponseFilter interface—ifs just Filter, 
fieri we talk about a request filter vs. a 
、sponse filter ， we’re talking only about how 

^uUSE the filter, not the actual filter inter¬ 
ne. As far as the Container is concerned, 
lere is only one kind of filter—anything 
ia t implements the Filter interface. 
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Filters are modular ： and configurable m the VV 

Filters can be chained together, to run one after the other. Filters are 
designed to be totally self-contained. A filter doesn’t care which (if any) 
filters ran before it did, and it doesn’t care which one will run next.* 

The DD controls the order in which filters run; we’ll talk about filter DD 
configuration a little later in the chapter. 


DD configuration 1: 


Using the DD, you can link them together by telling the Container: “For these 
URLs, run filter 1, then filter 7, then filter 3, then run the target servlet.” 



iu-\ 111 rn\^ 

Client 




Filter 1 



Filter 7 





RIter 3 



Servlet 


DD configuration 2: 

Then, with a quick change to the DD, you can delete and swap them with: 
“For these URLs, run filter 3, then filter 7, and then the target servlet.” 


Web _ I 
browser L 


Client 





一 



Container 


Filter 3 


Wow -filter Z av ,d 7 

扣 e ih a di-Pfcirch-t ovdev-. 



Filter 7 


Ko-thihg hew 
As always ； 


clueless 




Servlet 


* We’re fudging a little. The deployer often does need to configure the order 
based on the consequences of the transformations performed by the filters. 
You wouldn’t, for example, add a watermark to an image after you applied 
a compression filter. In that example, the watermark filter would have to do 
its thing before the data hits the compression filter. The point is, you as the 
programmer will not build dependencies into your code. 
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filters are like servlets 


If filters are like 
servlets, then I*m guessing 
they must be invoked by the 
Container, just like servlets. 
They probably have their own 
lifecycle... 



Three ways filters are like servlets 

Kim’s right, filters live in the Container. In many ways 
they’re similar to their co-residents, servlets. Here are a few 
ways in which filters are like servlets: 


The Container knows their API 

Filters have their own API. When a Java class implements 
the Filter interface, it’s striking a deal with the Container, 
and it goes from being a plain old class to being an official 
J2EE Filter. Other members of the filter API allow filters 
to get access to the ServletGontext, and to be linked to 
other filters. 


The Container manages their lifecycle 

Just like servlets, filters have a lifecycle. Like servlets, they 
have init() and destroy () methods. Similar to a servlet’s 
doGet() / doPost() method, filters have a doFUter() method. 


They’re declared in the DD 

A web app can have lots of filters, and a given request 
can cause more than one filter to execute. The DD is the 
place where you declare which filters will run in response 
to which requests, and in which order. 
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Puildmg the request tracking filter 


Our task is to enhance the Beer application so that whenever 
someone requests any of the resources associated with updating 


recipes, we’ll be able to keep track of who made the request. 
Here’s one version of what such a filter might look like. 


package 


import j 
import j 
import j 


com.example.web; 

ava•io•*; 
avax.servlet.*; 




^ avc m 


avax.servlet.http.HttpServletRequest; 




public class BeerRequestFilter implements Filter { 


private FilterConfig fc; 


You mus 七 usually 7 ou 

jus*t save object 


public void init (FilterConfig config) throws ServletException 
this . f c = config; 

} 


public void doFilter(ServletRequest req, 

ServletResponse resp, 
FilterChain chain) 

throws ServletException, 工 OException 






HttpServletRequest httpReq = (HttpServletRequest) 
String name = httpReq.getRemoteUser(); 
if (name != null) { 


req; - Bui wcVc suv-c 

WC ddh 匕 "the 

\rc«\ucsi av\d \rcspohSC bo 
ihciv- HTTP sub-types. 


f c . getServletContext () . log (''User '' + name +、' is updating ’’）； 

} 

chain. doFilter (req, resp) ; ^"Hi’s is how the -filtcv- ov scv-vlct 
} •… line — lots nr\ov*c ok> "this 

•m the v\t^i douplc o-f pages. 

public void destroy() { 

// do cleanup stuff 

} 

Y^u mus-t irwplerwe>vt AtsbroyO 
but usually its erwp-ty. 
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A filter's life cycle 

Every filter must implement the three methods in the 
Filter interface: init(), doFilter(), and destroy(). 

First there’s init() 

When the Container decides to instantiate a filter, 
the init() method is your chance to do any set-up 
tasks before the filter is called. The most common 
implementation was shown on the previous page; 
saving a reference to the FilterConflg object for 
later use in the filter. 


doFilter() does the heavy lifting 

The doFilter() method is called every time the 
Container determines that the filter should be 
applied to the current request. The doFilter() 
method takes three arguments: 

^ A ServletRequest 

(not an HttpServletRequest)! 

^ A ServletResponse 

(not an HttpServletResponse)! 

^ A FilterChain 

The doFilter() method is your chance to 
implement your filter’s function. If your filter 
is supposed to log user names to a file, do it in 
doFilter(). Want to compress the response output? 
Do it in doFilterQ. 


In the end there’s destroy() 

When the Container decides to remove a filter 
instance, it calls the destroy() method, giving 
you a chance to do any cleanup you need to do 
before the instance is destroyed. 


^Jiereiqrejio 

Dumb Questions 




What is a FilterChain? 


A FilterChain is the coolest thing in all of 
Filter-dom. Filters are designed to be modular 
building blocks you can mix together in a variety 
of ways to make a combination of things happen, 
and the FilterChain is a big part of what makes 
this possible. It’s the thing that knows what comes 
next. We already mentioned that the filters (not 
to mention the servlet) shouldn’t know anything 
about the other filters involved in the request... 


but someone needs to know the order, and that 
someone is the FilterChain, driven by the filter 
elements you specify in the DD. 


By the way, FilterChain is in the same package as 
Rlter, Javm.senz/ef. 


I noticed that in your doFilterO method 
you made this call: chain.doFilter() … What's a 
doFilterO doing inside a doFilterO? You’re not 
gonna get all recursive on us, are you? 

A ： 

XX The FilterChain interface's doFilterO is a little 
bit different than the Filter interface’s doFilterO. 
Here’s the main difference: 

The doFilterO method of the FilterChain takes care 
of figuring out whose doFilterO method to invoke 
next (or, if it’s the end of the chain, which servlet’s 
serviceO method), but the doFilterO method in a 
Filter actually does the filtering — the thing the filter 
was created to do. 

This means a FilterChain can invoke EITHER a filter or 
a servlet, depending on whether it’s the end of the 
chain. The end of the chain is always either a servlet 
or a JSP (which means a JSP’s generated servlet, of 
course), assuming the Container is able to map the 
request URL to a servlet or JSP. (If the Container can’t 
locate the right resource for the request, the filter is 
never invoked.) 
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Thiwk of filters as being "stackable" 


The servlet spec doesn’t dictate how the chain.doFilter(req 5 resp) 
method is handled inside the container. In practice, though, you can 
think of the process of filters chaining to each other as if they were 
simply method calls on a single stack. We know there’s more going on 
behind the scenes in the Container, but we don’t care, as long as we can 
predict how our filters will run, and a conceptual (if not physical) stack 
lets us do that. 


TTiiS “conceptual stack” 
is just a way to 丑 link 
about filter chain 
invocations. We don’t 


A conceptual call stack example 

In this example, a request for Servlet A will be filtered by two filters, 
Filter3, then Filter7. 


Filter3 
idoFilteKr.r/C) 



Filter7 
doFilteKr 八 c) 


Filter3 
doFilter(r\ 




J Servlet A 
N^serviceQ 


Filter7 
doFilter(r\r\c) 



R Iter 3 
doFilter(r, 


I 

r,c) \ 


know (or care) how 
ilie Container actually 
implements te-but 
iJiinting of itiliiS way 
lets you predict Kow 
your filter chain will 
behave. 



Filter3 
doFilteKr^.c) 


the stack the stack 


the stack 


the stack the stack 



Upon getting 
the request, 
the Container 
calls Filter3's 
doFilter() method, 
which runs until 
it encounters its 
chain.doFilter() 
call. 


The Container 
pushes Filter7’s 
doFilter() method 
on the top of the 
stack - where it 
executes until it 
reaches its chain. 
doFilterQ call. 


The Container 
pushes ServletA's 
serviceQ method 
on the top of 
the stack where 
it executes to 
completion, and is 
then popped off 
the stack. 


The Container 
returns control to 
Filter7, where its 
doFilter() method 
completes and is 
then popped off. 


The Container 
returns control to 
Filter3, where its 
doFilter() method 
completes, and is 
popped off. Then 
the Container 
completes the 
response. 
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declaring and ordering filters 

When you configure filters in the DD, you’ll usually do three things: 
^ Declare your filter 

^ Map your filter to the web resources you want to filter 
^ Arrange these mappings to create filter invocation sequences 

Declaring a filter 

<filter> 

<filter-name>BeerRequest</filter-name 〉 

<filter-class>com.example.web.BeerRequestFilter 
</filter-class> 

<init-param> 

<param-name>LogFileName</param-name> 
<param-value>UserLog.txt</param-value> 

</init-param> 

</filter> 


Rules for <filter> 

> The <filter-name> is mandatory. 

> The <filter-class> is mandatory. 

> The <init-param> is optional, and 
you can have many. 


Declaring a filter mapping to a 
URL pattern 

<filter-mapping> 

<filter-name>BeerRequest</filter-name 〉 

<ur1-pattern>*.do</url-pattern> 

</filter-mapping> 

Declaring a filter mapping to a 
servlet name 

<filter-mapping> 

<filter-name>BeerRequest</filter-name 〉 

<servlet-name>AdviceServlet</servlet-name> 

</filter-mapping> 


Rules for <filter-mapping> 

> The <filter-name> is mandatory and it is used 
to link to the correct <filter> element. 

> Either the <url-pattern> or the the 
<servlet-name> element is mandatory. 

> The <url-pattern> element defines which web 
app resources will use this filter. 


> The <servlet-name> element defines which 
single web app resource will use this filter. 


IMPORTANT: The Container’s rules for ordering filters: 

When more than one filter is mapped to a given resource, the Container uses the following rules: 

1) ALL filters with matching URL patterns are located first. This is NOT the same as the URL mapping 
rules the Container uses to choose the “winner” when a client makes a request for a resource, because 
ALL filters that match will be placed in the chain!! Filters with matching URL patterns are placed in the 
chain in the order in which they are declared in the DD. 

2) Once all filters with matching URLs are placed in the chain, the Container does the same thing with 
filters that have a matching <servlet-name> in the DD. 
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Isn’t THAT typical... they give us a way 
to filter requests coming from a client, 
and they just forget all about requests 
that WE generate through forwards and 
request dispatches. Geez... they treat 
request dispatching like ifs a second- 
class invocation technique?! 



News Flash: As of version 2.4, filters 
can be applied to request dispatchers 

Think about it. It’s great that filters can be applied to requests 
that come directly from the client. But what about resources 
requested from a forward or include, request dispatch, 

and/or the error handler? Servlet spec 2.4 to the rescue. 


Declaring a filter mapping for 
request-dispatched web resources 

<filter-mapping> 

<filter-name>MonitorFilter</filter-name 〉 
<url-pattern 〉 *•do</url-pattern> 
<dispatcher>REQUEST</dispatcher 〉 

■ and / or- 

<dispatcher>INCLUDE</dispatcher 〉 

■ and / or- 

<dispatcher>FORWARD</dispatcher 〉 

■ and / or- 

<dispatcher>ERROR</dispatcher 〉 

</filter-mapping 〉 


Declaration Rules 

> The <filter-name> is mandatory. 

> Either the <url-pattern> or <servlet-name> 
element is mandatory. 

> You can have from 0 to 4 <dispatcher> elements. 

> A REQUEST value activates the filter for client 
requests. If no 〈 dispatcher〉element is present, 
REQUEST is the default. 

> An INCLUDE value activates the filter for request 
dispatching from an include() call. 

> A FORWARD value activates the filter for request 
dispatching from a forward() call. 

> An ERROR value activates the filter for resources 
called by the error handler. 
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filter configuration exercise 



Based on the following DD fragment, write down the sequence in which 
the filters will be executed for each request path. Assume Filterl through 
Filter5 have been properly declared, and that the servlet names are the 
same as their mappings. (Answers are at the end of this chapter.) 


<filter-mapping> 

<filter-name>Filterl</filter-name> 
<url-pattern>/Recipes/*</url-pattern> 

</filter-mapping> 

<filter-mapping> 

<filter-name>Filter2</filter-name> 

<servlet-name>/Recipes/HopsList.do</servlet-name> 

</filter-mapping> 

<filter-mapping> 

<filter-name>Filter3</filter-name> 
<url-pattern>/Recipes/Add/*</url-pattern 〉 

</filter-mapping> 

<filter-mapping> 

<filter-name>Filter4</filter-name> 

<servlet-name>/Recipes/Modify/ModRecipes.do</servlet-name> 
</filter-mapping> 

<filter-mapping> 

<filter-name>Filter5</filter-name> 

<ur1-pattern>/*</url-pattern> 

</filter-mapping> 


Request path 


Filter Sequence 


/Recipes/HopsReport.do 


Filters: 


/Recipes/HopsList.do 


Filters: 


/Recipes/Modify/ModRecipes . do 


Filters: 


/HopsList.do 


Filters: 


/Recipes/Add/AddRecipes . do 


Filters: 
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Compressing output with a response - side filter 

Earlier we showed a very simple request filter. But now we’ll look at a response 
filter. Response filters are a bit trickier, but they can be incredibly useful. They 
let us do something to the response output after the servlet does its thing, 
but before the response is sent to the client. So instead of stepping in at the 
beginning — before the servlet gets the request — we step in at the end — after the 
servlet gets the request and generates a response. 

Well, sort of... think about it. Filters are always invoked in the chain before the 
servlet. There’s no such thing as a filter that is invoked only after the servlet. 
But... remember that stack picture. The filter gets another shot at this after 
the servlet completes its work and is popped off the (virtual) stack! 


My boss liked my first filter 
so much he wants me to write 
another one. The company's pipe to 
the Internet is getting really busy, 
so now he wants us to compress 
all of our response streams... 





Seems like a filter 
would be the way to go... 

But since were dealing with 
responses, ril have to put the 
compression code AFTER the 
chain.doFilter() call... 
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Architecture of a response filter 

Rachel is talking about the basic structure of what you put in 
a doFilter() method — first you do work related to the request, 
then you call chain.doFilter(), then finally, when the servlet (and 
any other filter in the chain after your filter) completes and 
control is returned to your original doFilter()method, you can 
do something to the response. 

Rachel’s pseudo-code for the compression filter 

class MyCompressionFilter implements Filter { 


init (); 


public void doFilter(request, response, chain) 


// this is where request handling would go 
chain.doFilter(request, response); 

// do compression logic here ^_ 


The servlet docs *rb 

work a 七七 Wis fo'mt 


destroy(); 




dohe, 


wc 




3 c ^icd... 


The conceptual call stack 


I MyCompressionFi Iter 
doFilterOv'c) 




ServletA 

service() 



MyCompressionF 
doFilteKr, 



MyCompressionFilter 
doFilteKr.r.c) 


The Compression 
filters doFilterQ 
method runs, and 
invokes chain.doFilter(). 
It’s too early to do 
any compression—the 
goal is to compress the 
response output from 
the servlet. 


The Servlefs serviceQ 
method goes on the 
top of the stack, does 
some work, generates 
a response output, and 
completes. 


Now that the Servlet's 
service() method 
has popped off the 
stack, the rest of the 
compression filters 
doFilter() method can 
run, and (it hopes) do the 
compression on whatever 
the servlet wrote to the 
response output! 
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Put is it really that simple? 


Does compressing the response really involve nothing more than 
waiting for the servlet to finish, then compressing the servlet’s 
response output? After all, the filter’s doFilter() method has a 
reference to the same response object that went to the servlet, so in 
theory, the filter should have access to the response output... 


public void doFilter(request, response, chain) 


// this is where request handling would go 
chain.doFilter(request, response); ①② 


//do 


compression logic here ^3^ 


Request and 


1 The filter passes the request 
and response to the servlet, and 
waits patiently for its chance to 
compress stuff. 



Response 





t ， 


Web 

browser 





」) 

批 



Client 


Container 


Filter 


Response 


3 The call to chain.doFilter() has 
returned, and the filter was hoping 
to grab the output and and start 
compressing... 

EXCEPT it's too late! The output was 
already sent to the client! The Container 
doesn’t buffer the output for the filter. 

By the time the filter’s own doFilter() 
method is at the top of the (conceptual) 
stack, it’s too late for the filter to 
affect the output 


u ^ok This 
,S a P^oblcrh... 
ihe ou-tpu-t 
doeshi 心乇 

^ ihc f 


Output 

Stream 


2a The servlet does its thing, 
creating output, blissfully unaware 
that this very same output was 
supposed to be compressed. 

2 b The output goes back 
through the Container and... 

2c It’s sent back to the client! 
Hmmm... this could be a problem. 
The filter was hoping to have a 
chance to do something to the 
output (compress it) before the 
output went to the client. 
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filtering the output 


The output has left the building 


This woiVt work! I can’t 
compress something on the way 
out of the servlet, because ifs too late. 
The output goes straight from the servlet 
back to the client. But the whole point is 
to compress the output, so how can I 
get control of the output BEFORE it 
goes to the client? 


O 



v 


V 


m 


C 


Think about this for a minute... the servlet 
actually gets the output stream or writer 
from the response object. What if instead 
of passing the REAL response object to the servlet, 
your filter swapped in a custom response object 
with an output stream that you control? Nobody 
said the filter has to pass the REAL response 
when it calls chain.doFilter().„ 



\rc^ucs*t response 


A DIFFERENT 呼攸 
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Wccaw implement our OWN response 

The Container already implements the HttpServletResponse interface; that’s 
what you get in the doFilter() and service() methods. But to get this compression 
filter working, we have to make our own custom implementation of the 
HttpServletResponse interface and pass that to the servlet via the chain.doFilter() 
call. And that custom implementation has to also include a custom output stream as 
well, since that’s the goal — to capture the output after the servlet writes to it but 
before it goes back to the client. 


Tiic -filtcv passes a ^us-tom u A1yRcspo^sc w , 
y/hidh tt*t*tpSc\rvlc*tRcspohSC 

the o\rigmal RB-AL- v-cspo^sc 
*bhc Co^*ta*mcv passed *to -filtcv-). 



Filter 


〆 


cu 5 fo/nX 
Output 
Stream 


Z 



real 
Response 



The “MyRcspohsc” objedi 
delegates (passcs-iWoujli), 
mos-t o-f -the dal Is it v-c^civcs, 
*bo the Vcal w response object 


real \ 
Output 
Stream 


The w MyResponse” object also has a dus*bom 
ou*tpu*b s*tvcam *bha*t ^ompv-csscs -the data 
>/v-i*t*bc^ by *bhc scv-vlc*t> a 灼 d *thc 灼 scy\As *thc 
^ompvcsscd data *to *thc orioimal output 
s*t\rcarw joes ba 乙 k *to -the 


o ： 

Filters pass ServletRequest and ServletResponse objects to the next 
thing in the chain, NOT HttpServlet Response! So why are you talking about 
implementing HttpServletResponse? 

A I 

Filters were designed to be generic, and so officially, you’re right. If we 
thought one of our filters might be used in a non-web app, we’d be implementing 
the non-HTTP interface (ServletResponse), but today, the chances of someone 
developing non-HTTP servlets is close to zero, so we’re not worried. And since 
ServletResponse is the supertype of HttpServletResponse, there’s no problem passing 
an HttpServletResponse where a ServletResponse is expected. 
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implementing HttpServletResponse 


HttpServletResponse is 
such a complicated interface... 
if only there were a way to 
avoid implementing all those methods 
and delegating calls to the real 
response... 



She doesn't know about the servlet Wrapper classes 

Creating your own custom HttpServletResponse 
implementation would be a pain. Especially when all 
you want to implement are just a few of the methods. 

And since HttpServletResponse is an interface that 
extends another interface, to implement your own 
custom response, you’d have to implement everything 
in both HttpServletResponse and its superinterface, 
ServletResponse. 

But fortunately, someone at Sun did that for you, by 
creating a support convenience class that implements the 
HttpServletResponse interface. All of the methods in that 
class delegate the calls to the underlying real response 
created by the Container. 


ServletResponse interface 

(javax.servlet.ServletResponse) 

《 interface 》 

ServletResponse 

getBufferSize() 

setContentType() 

getOutputStream() 

getWriterf) 

//MANYmore methods... 

HttpServletResponse interface 

(javax.servlet. http. HttpServletResponse) 


〈〈 interface 〉〉 

HttpServletResponse 

addCookie() 

addDateHeaderf) 

addHeader() 

encodeRedirectURL() 

encodeURL() 

sendError() 

sendRedirect() 

setDateHeader() 

setHeader() 

setStatus() 

//more methods 



RcrwCmbcv, *bo implerwC 的七 
tt*t*tpSc\rvlc*tRcspohsc you have h> 
ir»\plcrwC^*t -fv-om 

bo*th i*t i*ts 
Scv-vlc*tRcspo^sc- 
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Wrappers rock 


The wrapper classes in the servlet API are awesome — they 
implement all the methods needed for the thing you’re 
trying to wrap, delegating all calls to the underlying request 
or response object. All you need to do is extend one of the 
wrappers, and override just the methods you need to do your 
custom work. 

You’ve seen support classes in the J2SE API, of course, with 
things like the Listener adapter classes for GUIs. And you’ve 
seen them in the JSP API with the custom tag support classes. 
But while those support classes and these request and response 
wrappers are all convenience classes, the wrappers are a little 
different because they, well, wrap an object of the type they 
implement. In other words, they don’t just provide an interface 
implementation, they actually hold a reference to an object of 
the same interface type to which they delegate method calls. 

(By the way, this has nothing whatsoever to do with the J2SE 
“primitive wrapper” classes like Integer, Boolean, Double, etc.) 

Creating a specialized version of a request or response is such a 
common approach when creating filters, that Sun has created 
four “convenience” classes to make the job easier: 

^ ServletRequestWrapper 
^ HttpServletRequestWrapper 
^ ServletResponseWrapper 
^ HttpServletResponseWrapper 


r 工 

“Decorator” on the exam- 

thing it wraps, rather than being a complete replacement. 


1/Vv-appER (youv- dus-tom 
response object) 





1/Vv-appEE (-the ori^'mdl 
Co^*ta*mcv-—dveated 
vesponsc object) 


^enever you want to 
create a evstom revest 
or response object, 
just subclass one of ike 
convenience veriest 
or response V 靖 er” 
classes. 

A wrapper wr^stlie 
REAL Veriest or response 
object, and delegates 
(passes ikougii) calls 
to^ie real toig, 

Still letting you do ^ie 
extra tilings you need for 
your custom revest or 
response. 
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Adding a simple Wrapper to the design 

Let’s enhance Rachel’s first pseudo-code by adding a wrapper. 


Compression filter design，version 2 (pseudocode) 

class CompressionResponseWrapper extends HttpServletResponseWrapper 


以以 二 

_ 一 VW 0SCS … 


// override any methods you want to customize 


class MyCompressionFilter implements Filter { 

public void init (FilterConfig cfg) { } 

public void doFilter( request, response, chain) 

CompressionResponseWrapper wrappedResp 

=new CompressionResponseWrapper(response); 


\)t do'm^ some v-cal 


TKc aci o-f w v/v-app'm^ -tiiC \rcsfor^sc 

ouV £.us*fcom dlass. 


chain.doFilter(request A wrappedResp); 
// do compression logic here 


public void destroy() 



hlov/ y/c schd this dlo^ doy/r\ -the -Pil^tcv 
hlor\C o( the do^iv\ 

dham y/ill cvcv khow -that the vcspohsc 
object 七 hey 50 -t v/ 3 s a dus^tom job. 



1 The filter passes the request 
object and a custom response 
object to the servlet. 


Container 


Filter 


2 Since we didn’t override any 
methods in the Wrapper, the output 
stream isn’t affected... yet. 


Output 

Stream 
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Add aw output stream Wrapper 


Let’s add a second Wrapper... 

Compression filter design，version 3 (pseudocode) 






a 


sW 0咖七如咖. 


class CompressionResponseWrapper extends HttpServlet^fesponseWrapper 


public ServletOutputStream getOutputStream () throws... 

參參參 

servletGzipOS = new GzipSOS(resp.getOutputStream()); 
return servletGzipOS; 

Scwlc-bOu-bfu-bS-bv-cam to 

// maybe override other methods ^ cvev - 3^ *f oV " 



class MyCompressionFilter implements Filter 


Scv-vlc*tOu*tpu*tS*tvcarw 
ouv Custom 

Scwlc*tOu*tpu*tS*tvcarw 
i/Vvapfev" tlass. Fov 
\t{!s assume 
£cvvlc*t0u*tfu*ts*tvcam 

Scv-vlc*tOu*tfu*tS*tv-cawv- 


public void init (FilterConfig cfg) { } 

public void doFilter( request, response, chain) { 


CompressionResponseWrapper wrappedResp 

=new CompressionResponseWrapper(response); 


chain.doFilter(request, wrappedResp); 
// do compression logic here 

} 

public void destroy() { } 



Container 




Filter (5) 




Wrapped 

Output 

Stream 


3 ) 


1 The filter passes the request 
object and a custom response 
object to the servlet. The 
custom response has a special 

getOutputStream method. 


2 When the servlet asks for an 
output stream, it doesn’t KNOW 
that it will get a “special” output 
stream. 
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response compression filter 


The real compression filter code 


Time to code. We end this chapter by looking at the code 
for both the compression filter and the wrapper it uses. 
We’re expanding from the previous discussion, and while 
there is some new stuff here, it’s mostly just plain Java code. 

This filter provides a mechanism to compress the response 
body content. This type of filter would commonly be 
applied to any text content such as HTML, but not to most 
media formats such as PNG or MPEG, because they are 
already compressed. 

package com.example.web : 

import javax.servlet.*; 
import j avax.servlet.http.*; 
import java.io.*; 

import java.util.zip.GZIPOutputStream; 

public class CompressionFilter implements Filter 



細 d on f t need to study 
th ^ co de for the exa ^ 

d em 0nst 「 h= his sample is a 
細 so thatyou can sZ° nSe Wterin ^tion 
more real-world. You 7:_阶 9 a little ’ 
understand this particular need to 1 的 m or 

e r Xam > 80 consider the resT^C 骱 the 
completely optional h，S cha _ 


private ServletContext ctx; 
private FilterConfig cfg; 

public void init (FilterConfig cfg) 
throws ServletException { 
this.cfg = cfg; 

ctx = cfg.getServletContext (); 
ctx . log (cfg. getFilterName () + '' 



The mrt rnctKod saves tKc dorvf A objedt 
ay>d a <\uidk *to i\\c scv-vlc*t 

wte% 七 objedt ((or lo^m^ puv-foscs). 


initialized •〃） 


public void doFilter (ServletRequest req, 

ServletResponse resp, 

FilterChain fc) 
throws 工 OException, ServletException { 
HttpServletRequest request = (HttpServletRequest) req; 
HttpServletResponse response = (HttpServletResponse) resp; 


TV Kcairt o-f -tWis ^illcv v/\rafs i\\t 

objedt W\i\\ a Vetoraior v/^raps tKc output 

3 £.0mpvcss'l0ir> |/0 stvedm- 

Compvcss'ioy> of outfut stream is 
i-P a^d or^ly \( ttc mdludcs air> M 以 f 七一 

Kcadcv (spcdi-f^ally, -fov —p). 


String valid—encodings = request.getHeader(''Accept-Encoding^) 
if ( valid—encodings • indexOf ( 、 'gzip’’）> -1 ) { 


Docs dierrt 
^Z-IP Compression? 


CompressionResponseWrapper wrappedResp 
=new CompressionResponseWrapper(response); 


1( so, w\rap the vcspohsc object 

with a 匕 orwpvessioh wvappcv*. 
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filters and wrappers 


Compression filter code, cowt. Debugging Tip! 



wrappedResp . setHeader (''Content-Encoding ”， 


To test this filter, comment out this 
line of code. You should see illegible, 
compressed data in your browser. 


gzip"); 





fc.doFilter(request f wrappedResp); < — 一 C^a*m *fco dorwfohCy>*t. 


GZIPOutputStream gzos = wrappedResp•getGZIPOutputStream(); 
gzos .finish() ; ^ - 


ctx . log (cfg. getFilterName () + : 

else { 

ctx . log (cfg. getFilterName () + : 

fc.doFilter(request f response); 


finished the request .’’）； 


no encoding performed."); 


public void destroy() { 

// nulling out my instance variables 
cfg = null; 
ctx = null; 


A ^omp\rcssio^ s*brO 

must be W -f mishcd W > whidh 
also -flushes -the s*tvcam 

bu-P-fcv-, By\A sc^ds all of its 
dd'td *to *thc ov-i^mal v-cspo^sc 
s*brO. 

The doirrtamer handles the 
\rcs*t o( the work. 


"Off the path" 

Compression meets HTTP 


How does the server know it can send compressed data? How 
does the browser know when it’s getting compressed data? It 
turns out that HTTP is “compression-aware”； here’s how it 
works: 

^ One of the headers that the browser sends (“Accept-Encoding: 
gzip”)，tells the server about the browser’s capabilities for 
dealing with different types of content. 

^ If the server sees that the browser can deal with compressed 
data, it will perform the compression, and add a header 
(“Content-Encoding: gzip，’)，to the response. 

^ When the browser receives the response, the “Content- 

Encoding: gzip” header tells the browser to de-compress the 
data before it is displayed. 
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response compression wrapper 


Compression wrapper code 


We looked at the Compression filter; now let’s take a look at the 
wrapper it uses. This is one of the most complicated topics in all of 
servlet-dom, so don’t panic if you don’t grok it the first time. 

This response wrapper decorates the original response object by 
adding a compression decorator on the original servlet output stream. 


package com.example.web; 

// Servlet imports 

import j avax.servlet.http.*; 

import j avax.servlet.*; 

// 工 /0 imports 
import j ava.io.*; 

import java.util.zip.GZIPOutputStream; 

class CompressionResponseWrapper extends HttpServletResponseWrapper { 


private GZIPServletOutputStream servletGzipOS = uu 丄丄 / 



private PrintWriter pw = null; 



CompressionResponseWrapper (HttpServletResponse resp) { 
super(resp); 



to the object accov-atc 

\y\ -this tBsc -the HTTP response object 


public void setContentLength (int len) { } ^ - Ignore iliis mcihod—ihc oui- 

put v/ill be dorwpv-csscd- 


public GZIPOutputStream getGZIPOutputStream() { 

return this.servletGzipOS.internalGzipOS; 
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Compression wrapper code, cowt. 


private Object streamUsed = null 


pyovidc attess a detonated 
scv-vlc-t output sbrO 


public ServletOutputStream getOutputStream () throws 工 OException 



if ((streamUsed != null) && (streamUsed != pw)) { 

throw new 工 llegalStateException(); 

} 

if ( servletGzipOS == null ) { 

servletGzipOS 

=new GZIPServletOutputStream(getResponse() 

.getOutputStream()); 

streamUsed = servletGzipOS; 

} 

return servletGzipOS; 


Alloy/ soviet *to atdess a soviet output 
stv-cam, or>ly i-f tKc scv-vlc*t i^as y>o*t alv-cady 
addessed *tKc fvm 七 v/v-itcv-. 

IA/v-ap {\\t ov^’mal scvvlc*t ou 七 fu 七 
stveam ouv* tompvcssioi^ 
servlet ou*tfu*t stv"0- 


Provide addess {p a dedorated 
fv’m 七 v/v'rtcv-. 

public PrintWriter getWriter () throws 工 OException { 


if ( (streamUsed != null) && (streamUsed 

throw new 工 llegalStateException(); 


servletGzipOS) 



if ( pw 


null ) 


servletGzipOS 

=new GZIPServletOutputStream(getResponse() 

.getOutputStream()); 

OutputStreamWriter osw 

=new OutputStreamWriter(servletGzipOS, 

getResponse().getCharacterEncoding()) 

pw = new PrintWriter(osw); 
streamUsed = pw; 

} 

return pw; 


Alloy/ i\\t scvvlci *to addess a 七 v/v-*i*tcv-, 

oy>ly i*P scv"vlc*t 

ttc scwlc*t ou 七 fu 七 stveam- 

To a v/v-i-tev, wc have 
■fco -first wv-ap *bhc scv-vlc*t output 
s^bream Bv\d *thc^ wv-ap the 
dompvcssio^ scv-vlc*t output st\rcaw\ 

\y\ *tv/o dddi*bio 灼 dl output stv-cam 

dcdowto\rs: Ou*tpu*tS-tv , ca^lVv-i*tcv- 
y/hidh ^o^vcv-*ts dha\ra^*tcv-s m*to 

bytes, By\d d o 灼 

•bop cJc *thc Ou*tpu*tS*tvcaw\lV\ri*tcv- 

objedt 
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response output decorator 


Compression wrapper, helper class code 


This helper class is a Decorator on the ServletOutputStream abstract 
class which delegates the real work of compressing the generated 
content using a standard GZIP output stream. 

There is only one abstract method in the ServletOutputStream that 
this Decorator must implement: write(int). This is where all of the 
delegation magic occurs! 

class GZIPServletOutputStream extends ServletOutputStream { 


^ -- 3 *to st\rC3nr\- TViS 

variable is padkay-f'rWaic *to alloy/ *tKc 
to^Yrtss\ov\ v-csfoy>sc y/v-affcv Mtss {p tt’is vaviablc. 


GZIPOutputStream internalGzipOS; 


/ * * 


Decorator constructor 


GZIPServletOutputStream (ServletOutputStream sos) throws 工 OException { 
this.internalGzipOS = new GZIPOutputStream(sos); 


public void write (int param) throws java.io • 工 OException { 
internalGzipOS.write(param); 




the ovijmal Scv-vI ctOutputS-tvcarw, (y/hidh *m is ultn^atdy 

wvappihj the TCP hcty/ov-k output st\rcarw -fco the diCht). 


ioh st\rc3nr», y/hidh is y/vappmg 
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ANSWERS 


Write down the sequence in which the filters 
will be executed for each request path. 
Assume Filterl - Filter5 have been properly 
declared. 


<filter-mapping> 

<filter-name>Filterl</filter-name> 
<url-pattern>/Recipes/*</url-pattern> 

</filter-mapping> 

<filter-mapping> 

<filter-name>Filter2</filter-name> 

<servlet-name>/Recipes/HopsList.do</servlet-name> 

</filter-mapping> 

<filter-mapping> 

<filter-name>Filter3</filter-name> 
<url-pattern>/Recipes/Add/*</url-pattern 〉 

</filter-mapping> 

<filter-mapping> 

<filter-name>Filter4</filter-name> 

<servlet-name>/Recipes/Modify/ModRecipes.do</servlet-name> 
</filter-mapping> 

<filter-mapping> 

<filter-name>Filter5</filter-name> 

<ur1-pattern>/*</url-pattern> 

</filter-mapping> 


Request path 


Filter Sequence 


/Recipes/HopsReport.do 


Filters: \ t 5 


/Recipes/HopsList.do 


Filters: 1 , 5 , 2 


/Recipes/Modify/ModRecipes . do 


Filters: 1 , 5 , 4 


/HopsList.do 


Filters: 5 


/Recipes/Add/AddRecipes . do 


Filters: 1 , 3 , 5 
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Which are true about filters? (Choose all that apply.) 

Q A. A filter can act on only the request or response object, 
not both. 

Q B. The destroy method is always a container callback 
method. 

Q G. The doFilter method is always a container 
callback method. 

Q D. The only way a filter can be invoked is through a 
declaration in the DD. 

□ E. The next filter in a filter chain can be specified either 
by the previous filter or in the DD. 



Which are true about declaring filters in the DD? 
(Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


Unlike servlets, filters CANNOT declare initialization parameters. 

Filter chain order is always determined by the order the elements 
appear in the DD. 

A class that extends an API request or response wrapper class 
must be declared in the DD. 

A class that extends an API request or response wrapper class is 
using the Intercepting Filter pattern. 

Filter chain order is affected by whether filter mappings are 
declared via <url-pattern> or via <servlet-name>. 
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Given the class UserRequest is an implementation of HttpServletRequest, and given that this method 
in an otherwise properly defined Filter implementation: 


20 . 

21 . 

22 . 

22 . 

23. 

23. 

25. 

26. 

27. 

28. 

29. 

30. 

31. 

32. 

33. 


public void doFilter(ServletRequest req, 

ServletResponse response, 

FilterChain chain) 

throws IOException , ServletException { 

HttpServletRequest request = (HttpServletRequest) req; 

HttpSession session = request.getSession(); 

Object user = session.getAttribute (''user"); 
if (user != null) { 

UserRequest ureq = new UserRequest(request, user); 
chain•doFilter(ureq, response); 

} else { 

RequestDispatcher rd = request.getRequestDispatcher (''/login, jsp ’’）； 
rd. forward (request, response); 


Which is true? 

□ A. An exception will always be thrown if line 31 executes. 


□ B. 


Line 28 is invalid because request must be passed 
as the first argument. 


Q G. This line: chain • doFilter (request, response) 

must be inserted somewhere in the else block. 


Q D. This method does not properly implement 

Filter.doFilter () because the method 
signature is incorrect. 

Q E. None of the above. 


you are here ► 729 



mock exam 



Given a partial deployment descriptor: 

11. <filter> 

12 . <filter-name>My Filter</filter-name> 

13 . <filter-class>com. example . MyFilter</filter-class> 

14. </filter> 

15. <filter-mapping> 

16 . <filter-name>My Filter</filter-name> 

17. <url-pattern>/my</url-pattern> 

18 . </filter - mapping> 

19. <servlet> 

20 . <servlet-name>My Servlet</servlet-name> 

21. <servlet-class>com.example.MyServlet</servlet- 
class> 

22. </servlet> 

23. <servlet-mapping> 

24 . <servlet-name>My Servlet</servlet-name> 

25. <url-pattern>/my</url-pattern> 

26. </servlet-mapping> 

Which is true? (Choose all that apply.) 

Q A. The file is invalid because the URL pattern /my 
is mapped to both a servlet and a filter. 


Q B. The file is invalid because neither the servlet name 
nor the filter name is allowed to contain spaces. 


Q G. The filter MyFilter will be invoked after the 

MyServlet servlet for each request that matches 
the pattern /my. 


Q D. The filter MyFilter will be invoked before the 

MyServlet servlet for each request that matches 
the pattern /my. 


Q E. The file is invalid because the <filter> element must 
contain a <servlet-name> element that defines 
which servlet the filter should be applied to. 
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Which about filters are true? (Choose all that apply.) 

Q A. Filters may be used to create request or response wrappers. 

Q B. Wrappers may be used to create request or response filters. 

Q G. Unlike servlets, all filter initialization code should be placed in 
the constructor since there is no init () method. 

Q D. Filters support an initialization mechanism that includes an 
init () method that is guaranteed to be called before the 
filter is used to handle requests. 

Q E. A filter’s doFilter () method must call doFilter () on 
the input FilterChain object in order to ensure that all 
filters have a chance to execute. 

□ F. When calling doFilter () on the input FilterChain, 
a filter’s doFilter () method must pass in the same 

ServletRequest and ServletResponse objects that 
were passed into it. 

Q G. A filter’s doFilter () may block further request processing. 


Which are true about the servlet Wrapper classes? (Choose all that apply.) 

Q A. They provide the only mechanism for wrapping 

ServletResponse objects. 

Q B. They can be used to decorate classes that implement 

Filter. 

Q C. They can be used even when the application does 
NOT support HTTP. 

□ D. The API provides wrappers for ServletRequest, 
ServletResponse, and FilterChain objects. 

Q E. They implement the Intercepting Filter pattern. 

口 F. When you subclass a wrapper class, you must override 
at least one of the wrapper class’s methods. 


you are here ► 


731 




mock answers 






Which are true about filters? (Choose all that apply.) 




A. A filter can act on only the request or response object, 
not both. 


B. The destroy method is always a container callback 
method. 

Q G. The doFilter method is always a container 
callback method. 

D. The only way a filter can be invoked is through a 
declaration in the DD. 

口 E. The next filter in a filter chain can be specified either 
by the previous filter or in the DD. 


I 




C is \Uorrtd, AoHitr is both 
a ddllbddk a^d air\ mime method. 


g: *is orAcr 





Which are true about declaring filters in the DD? 


(Choose all that apply.) 

Q A. Unlike servlets, filters CANNOT declare initialization parameters. 

Q B. Filter chain order is always determined by the order the elements 
appear in the DD. 

Q C. A class that extends an API request or response wrapper class 
must be declared in the DD. 


□ D. 
^ E. 


A class that extends an API request or response wrapper class is 
using the Intercepting Filter pattern. 

Filter chain order is affected by whether filter mappings are 
declared via <url-pattern> or via <servlet-name>. 


igtM ^ fc) 


—Option B is mdo\rV"C£.*t ； 
because <u\rl-fa*t*tcv-h> 

… y >will lie dha'med 
bc-rov-c < 狀 \/1€ 七一 》^|^> 

-Optioh P is ihdo\r\rcd*t, 
w\rappc\rs av-c examples o-f 
the Pcdovaiov- pattev-h. 
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Given the class UserRequest is an implementation of HttpServletRequest, and given that this method 
in an otherwise properly defined Filter implementation: 


20. public void doFilter(ServletRequest req, 

21. ServletResponse response, 

22. FilterChain chain) 


22 . 

23. 

23. 

25. 

26. 

27. 

28. 

29. 

30. 

31. 

32. 


throws IOException , ServletException { 

HttpServletRequest request = (HttpServletRequest) req; 

HttpSession session = request.getSession(); 

Object user = session.getAttribute (''user"); 
if (user != null) { 

UserRequest ureq = new UserRequest(request, user); 
chain•doFilter(ureq, response); 

} else { 

RequestDispatcher rd = request.getRequestDispatcher (''/login, jsp ’’）； 
rd. forward (request, response); 


33. } 

Which is true? 

□ A. An exception will always be thrown if line 31 executes. 






□ B. 


Line 28 is invalid because request must be passed 
as the first argument. 


B is mdo\rv-cd.*t because i*t is 
valid -for a filter -to y/raf a 
(hotc 七 hat Uscv-Rc<\ucs*t ir^ust 
imflcmch-t Scv-vIciRc^ucs-b). 


口 G. This line: chain • doFilter (request, response) 浩: h 。 IS ■代匕七 bcdausc 

must be inserted somewhere in the else block. 严丁 中 ^ 铋 


Q D. This method does not properly implement 

Filter.doFilter () because the method 
signature is incorrect. 


-Opiioh P is because 

thc sijhaW is CoY^rtti. 


1^1 E. None of the above. 
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Given a partial deployment descriptor: 




11. <filter> 

12 . <filter-name>My Filter</filter-name> 

13 . <filter-class>com. example . MyFilter</filter-class> 

14. </filter> 

15. <filter-mapping> 

16 . <filter-name>My Filter</filter-name> 

17. <url-pattern>/my</url-pattern> 

18. </filter-mapping> 

19. <servlet> 

20 . <servlet-name>My Servlet</servlet-name> 

21. <servlet-class>com.example.MyServlet</servlet- 

class> 


22. </servlet> 

23. <servlet-mapping> 

24 . <servlet-name>My Servlet</servlet-name> 

25. <url-pattern>/my</url-pattern> 

26. </servlet-mapping> 

Which is true? (Choose all that apply.) —A ,s m^o\r\rc£.*t because is 

i—I ... pv-opcv- sv^-ta% used to a -Viltcv- to 

LJ A. The file is invalid because the URL pattern /my ikg same as a scv-vlct 

is mapped to both a servlet and a filter. 


□ B. 

□ G. 


The file is invalid because neither the servlet name 
nor the filter name is allowed to contain spaces. 


The filter MyFilter will be invoked after the 
MyServlet servlet for each request that matches 
the pattern /my. 


thev-c is i\o sudh 


C is mdov*v*cd*t kcddusc 


-Option _ 

-fil*tcv-s av-c bc-fov-c 

scv-vIcU ； ho*t 七 CV". 


I^T D. The filter MyFilter will be invoked before the 

MyServlet servlet for each request that matches 
the pattern /my. 


□ E. 


The file is invalid because the <filter> element must 
contain a <servlet-name> element that defines 
which servlet the filter should be applied to. 


-Ofiioh E is ihdo\r\rcdi because 

a <sc\rvlc-t-hamc> 

o\r a <u\rI—Pa*t*tc\rh> be used 

withih a <+i|-tc\r-r^app*mj> element 
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Which about filters are true? (Choose all that apply.) 

YI A. Filters may be used to create request or response wrappers. 
Q B. Wrappers may be used to create request or response filters. 


□ G. 
D. 


Unlike servlets, all filter initialization code should be placed in 
the constructor since there is no init () method. 

Filters support an initialization mechanism that includes an 
init () method that is guaranteed to be called before the 
filter is used to handle requests. 




B is *mdo\r\rc£.*t because 
the -tcv-m'moloJY is \rcvcv-scd. 

-Option C is mdon-cd.*t bcddusc 

is ah mi*tO method 
七 ha 七 should be used -for -filter 


□ E. 

□ F. 

0(^ G. 


A filter’s doFilter () method must call doFilter () on 
the input FilterChain object in order to ensure that all 
filters have a chance to execute. 

When calling doFilter () on the input FilterChain, 
a filter’s doFilter () method must pass in the same 

ServletRequest and ServletResponse objects that 

were passed into it. f t 

A filter’s doFilter () may block further request processing. 


-Option E is mdovred 七 because 
dal I’m J doFiltcvO is ho 七 ^edessavy 
i-P d +il*tcv wishes *to blodk 
-fuirthcir \rc^ucs*t pirodcss'mg. 

F is ihdo\r\rcd*t because *thc 
Til*tc\r may dhoosc bo \zv~ap” -the 


■■ (API) 

Which are true about the servlet Wrapper classes? (Choose all that apply.) 

□ A. They provide the only mechanism for wrapping —Option A ,s >^^o\rv-c^*b kc^3usc y ou 

ServletResponse objects. dreate your ow v/v-appev- dlass. 

□ B. They can be used to decorate classes that implement —B is *md.ovvc6*t because these classes 

Filter. a\rc used bo >w\raf \rc<\ucsts a^d responses. 


5^ G. They can be used even when the application does 
NOT support HTTP. 

□ D. The API provides wrappers for ServletRequest, — P is *m6ovv*cd*t because the API 

ServletResponse, and FilterChain objects. docs NOT provide 3 PillerCWm wrappev*. 


□ E. 


They implement the Intercepting Filter pattern. 


-Option B is *mdo\r\rcd*t bedause these w\rappcvs 
implement *thc Dcdo\ra*to\r 


□ F. 


When you subclass a wrapper class, you must override 
at least one of the wrapper class’s methods. 
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14 patterns and struts 


Enterprise Design Patterns 



Someone has done this already, if you re just starting to develop 
web applications in Java, you’re lucky. You get to exploit the collective wisdom 
of the tens of thousands of developers who’ve been down that road and got the 
t-shirt. Using both J2EE-specific and of/?er design patterns, you can can simplify 
your code and your life. And the most significant design pattern for web apps, 
MVC, even has a wildly popular framework, Struts, that’ll help you craft a flexible, 
maintainable servlet Front Controller. You owe it to yourself to take advantage 
of everyone else’s work so that you can spend more time on the more important 
things in life (skiing, golf, salsa dancing, soccer, poker, playing the accordion...). 


this is a new chapter 
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J2EE Patterns 


Coverage Notes: 


11.1 Given a scenario description with a list of issues, 
select the one of the following patterns that would 
solve those issues: Intercepting Filter, Model- 
View-Controller, Front Controller, Service Locator, 
Business Delegate, and Transfer Object. 

11.2 Match design patterns with statements 
describing potential benefits that accrue from 
the use of the pattern, for any of the following 
patterns: Intercepting Filter, Model-View- 
Controller, Front Controller, Service Locator, 
Business Delegate, and Transfer Object. 


The objectives in this section are covered 
completely in this chapter. No, make that MORE 
than completely. The exam questions on patterns 
are the least tricky of all the possible questions 
you’ll see on the exam, so you can almost relax in 
this section. 

If you’re already familiar with the fundamental 
enterprise design patterns, you can probably 
answer the exam questions on patterns. 

And although Struts is not on the exam, this 
chapter also includes an introduction to Struts, 
currently the most commonly-used framework for 
an MVC web application. 
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Web site hardware can get complicated 


In the Real World, web apps can get complicated. A popular web site 
can get hundreds of thousands of hits per day. To handle this kind of 
volume, most big web sites create complex hardware architectures in 
which the software and data is distributed across many machines. 

A common architecture you’re probably quite familiar with is 
configuring the hardware in layers or “tiers” of functionality. Adding 
more computers to a tier is known as horizontal scaling, and is 
considered one of the best ways to increase throughput. 



Client 





Web 


browser 






Client 


Web 

browser 


/HMiirr\Q 

Client 


Most of ihe 
software for a big 
web application 
lives in either the 
“Web Tier” or Ae 
“Business Tier”. 



DB 


Legacy 

Database 


Firewall 


The w W!cb Ticv- W o\r u Pv-csc^*ta*bio^ Tic\r W . 
This is wlicvc *thc sc\rvlc*b dhd JSPs live. 
/\s a y/eb site mov-c hi*U, scv-vcv-s 
tBv\ be added b> handle the load- 


v,^dlc 州 。代 士 c . 
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web apps 


Web application software can get complicated 

As we’ve seen, it’s very common for a web application to be made up of 
many different kinds of software components. The web tier frequently 
contains HTML pages, JSPs, servlets, controllers, model components, 
images, and so on. The business tier can contain EJBs, legacy applications, 
lookup registries, and in most cases database drivers, and databases. 


drivers ^ ers co tttrolle^ 


views 

JSPs 

models 


images 


servlets 

Jmi 


EJBS 





How am I going to keep 
all this stuff organized? 
What if the requirements 
change? How can I get 
this to run fast? 
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Lucky for us, m have J2EE patterns 

The good news is that a lot of people have been using J2EE 
containers to solve the very same problems you’re likely to 
encounter. They found reoccuring themes in the nature of the 
problems they were dealing with, and they came up with reusable 
solutions to these problems. These design patterns have been 
used, tested, and refined by other developers, so you don’t have to 
reinvent the wheel. 


Common pressures 

The most important job for a web app is to provide the end user 
with a reliable, useful, and correct experience. In other words, the 
program must satisfy the functional requirements such as “select a 
beer style” or “add malt to my shopping cart”. Once you’ve made 
sure that the system supports the use cases, you’ll most likely be 
faced with another set of requirements — requirements for what 
happens behind the scenes, i.e. the /z ⑽ -functional requirements. 


ir^^rpen your pencil 


What are the “ilities ”？ 

What are some of the important non-functional 
requirements of a system you’ve worked on (or 
could imagine working on)? One clue is that most 
of the requirements words end with “ility” (for 
example, “maintainab///fj/’). 


A Software design pattern 
is “a repeatable solution 
for a eo 顺 only - oeeuring 
software probleiq/' 
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Performance (and the "ilities") 

Here are three of the most important non-functional 
requirements you’re likely to face: 


① Performance 

If your website is too slow, you’ll (obviously) lose users. 

In this chapter, we’ll look at how patterns can help an 
individual user experience faster response time, and how 
patterns can help your system support a greater number 
of simultaneous users (throughput) . (More on this when 
we discuss the Transfer Object.) 


@ Modularity 

In order for different pieces of your application to run 
on different boxes at the same time, your software is 
going to have to be modular... and modular in just the 
right ways. 


If J2EE patterns can help 
me solve all of these issues, I'll be 
the hero around here. And that could lead 
to more stock options. And when we get 
another dot com bubble... those options 
could actually be worth something. 


O 


o 


③ Flexibility, Maintainability, and Extensibility 

Flexibility: You need to change your system without 
going through some big development cycle. You 
might need to swap in the “limited time, special 
offer” components for a big sale. You might find a bug 
in a new component and need to swap in the older 
component temporarily. You need your system to be 
flexible. 

Maintainability: You might need to change database 
vendors, and update your system quickly. You might 
get obscure bugs and need to track them down ASAP. 
The admins might decide to restructure the company’s 
naming service, and you’ll have to adjust — right now! 
You need your system to be maintainable. 

Extensibility: The guys over in marketing might need 
a new feature to land that big client. Your users might 
demand that you support a brand new feature that their 
browsers have. Your system had better be extensible! 
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Aligning our vernaculars... 

All of the J2EE patterns rely heavily on common software 
design principles you’re probably very familiar with. In 
the next few pages, we fling around several terms for these 
design principles. Different people and books might have 
different perspectives on the same terms, so we’re giving you 
our definitions now, so that you’ll know what we mean. 


Code to interfaces 

As you recall, an interface is a kind of a contract between two 
objects. When a class implements an interface, it’s saying in 
effect: “My objects can speak your language.” Another huge 
benefit of interfaces is polymorphism. Many classes can 
implement the same interface. The calling object doesn’t 
care who it’s talking to as long as the contract is upheld. For 
example, the web container can use any component that 
implements the Servlet interface. 


Separation of Concerns & Cohesion 


We all know that when we specialize the capabilities of our 
software components, they get easier to create, maintain, 
and reuse. A natural fallout of separating concerns is that 
cohesion tends to increase. Cohesion means the degree to 
which a class is designed for one, cohesive, task or purpose. 


Hide Complexity 

Hiding complexity often goes hand in hand with separating 
concerns. For instance if your system needs to communicate 
with a lookup service, it’s best to hide the complexity of that 
operation in a single component, and allow all the other 
components that need access to the lookup service to use 
that specialized component. This approach simplifies all of 
the system components that are involved. 


00 design principles 


More design principles... 

Loose Coupling 

By their very nature, OO systems involve objects talking to each other. 
By coding to interfaces, you can reduce the number of things that one 
class needs to know about another class to communicate with it. The 
less two classes know about each other, the more loosely coupled 
they are to each other. A very common approach when class A wants 
to use methods in class B is to create an interface between the two. 
Once class B implements this interface, class A can use class B via the 
interface. This is useful, because later on you can use an updated class 
B or even an entirely different class, as long as it upholds the contract 
of the interface. 

Remote Proxy 

Today, when a web site grows, the answer is to lash together more 
servers, as opposed to upgrading a single, huge, monolithic server. 

The outcome is that Java objects on different machines, in their own 
separate heaps, have to communicate with each other. 

Leveraging the power of interfaces, a remote proxy is an object local 
to the “client” object that pretends to be a remote object. (The proxy 
is remote in that it is remote from the object it is emulating.) The 
client object communicates with the proxy, and the proxy handles 
all the networking complexities of communicating with the actual 
“service” object. As far as the client object is concerned, it’s talking to 
a local object. 


Increase Declarative Control 

Declarative control over applications is a powerful feature of 
J2EE Containers. Most commonly, this declarative control is 
implemented using the application’s deployment descriptor (or 
DD). Modifying the DD gives us the power to change system 
behaviors without changing code. The DD is an XML file that can 
be maintained and updated by non-programmers. The more that 
we write our web applications to leverage the power of the DD, the 
more abstract and generic our code becomes. 
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Patterns to support remote model components 

We’ve talked at a very theoretical level about how J2EE patterns can help simplify 
complex web applications. We’ve also talked about the software design principles 
that underlie J2EE patterns. With that foundation in place, let’s get our feet wet 
by talking about a few of the simpler J2EE patterns. All three of the patterns we’re 
about to discuss share the goal of making remote model components manageable. 


A Fable- The Beep Grows 


Once upon a time there was a small dot com that had a website that offered 
home brewing recipes, advice, ingredients and supplies for beer aficionados. 
Being a small company (with big plans), they had only one production server to 
support the site, but they had created two separate software development teams 
to grow the application. The first team, known as the “Web Designers” focused 
their attentions on the view components of the system. The second team, 
known as the “Business Team” focused on the controller components (Rachel’s 
focus), and the model components (Kim’s area). 


IVs the user experience 
dude... Were all about the 
style sheets. DorVt bother us with 
your business tier issues—were 
creating art. 



Performance 

is really becoming a big issue. 

We’ve got a small budget for 
hardware now, but I know we’ll have to 
be ready to split off more pieces of 
the app when the time comes. 



U 

Server 



Rachel and Kim, 
the Business Team 
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MVC when everything is local 


How the business Team supports the 
web designers when the MVC components are 
n/wwiwg ow owe JVM 


As long as the business guys keep the interfaces to their model components 
consistent, everyone will be happy. The two key interface points in their 
design are when the controller first interacts with a model component (steps 1 
and 2 below), and then later, when a JSP view interacts with the bean it needs 
(steps 3 and 4 below). 

Getting customer data for a client... 


Rachel’s turf 


The dlic^Vs request 

scr\*t *to model. RatKcl s 
is -fov 七 iVis *fco be stable. 


Customer 

Bean 


Web designers hang 
out here... 


Kim's Responsibilty 


The JSP uses EL -to 
3^6css -ihc Cus"tomcv* 

Be 如 piropcirtics. The web 
dcsighcir s need is -fov- -this 

i“ *to be stable. 


Legacy 

Database 



A plain 

3r\ EJB- 


1 Having received a request 
for customer information, 
the Controller calls the 
ManageCustomer service 
component (a Model). The service 
component does a JDBC call to 
the legacy database, then creates 
a Customer bean (this is NOT an 
EJB, just a plain old JavaBean), 
populated with customer data from 
the database. 

2 The Controller adds the 
Customer bean reference to the 
request object, as an attribute. 

3 The Controller forwards to 
the View JSP. The JSP gets the 
reference to the Customer bean 
from the request object. 

4 The View JSP uses EL to get 
the Customer Bean properties 

it needs to satisfy the original 
request. 
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How will they handle rgmofg objects? 

Things are fairly simple when all the web app components 
(model, view, controller) are on the same server, running in 
the same JVM. It’s just plain old Java — get a reference, call a 
method. But Kim and Rachel now have to figure out what to 
do when their model components are remote to the web app. 


JNDI and RMI，a quick overview 

Java and J2EE provide mechanisms that handle two of the 
most common difficulties that arise when objects need to 
communicate across a network — locating remote objects, 
and handling all the low level network/IO communications 
between local and remote objects. (In other words, how to 
find remote objects, and how to invoke their methods.) 

JNDI in a nutshell 

JNDI stands for Java Naming and Directory Interface, 
and it’s an API to access naming and directory services. 
JNDI gives a network a centralized location to find 
things. If you’ve got objects that you want other 
programs on your network to find and access, you 
register your objects with JNDI. When some other 
program wants to use your objects, that program uses 
JNDI to look them up. 

JNDI makes relocating components on your network 
easier. Once you’ve relocated a component, all you need 
to do is tell JNDI the new location. That way, other 
client component only need to know how to find JNDI, 
without knowing where the objects registered with JNDI 
are actually located. 

RMI in a nutshell 

RMI stands for Remote Method Invocation, a 
mechanism that greatly simplifies the process of getting 
objects to communicate across a network. Turn the page 
and we’ll do a quick refresh, in case you’re a little rusty. 

Why think about RMI here? Because it will help make 
two of the J2EE design patterns easier to understand and 
appreciate. 


So, we have to move some 
of our model components off 
of the web server hardware and 
on to the business tier servers. 
You know this won’t be the 
last time... 



Exactly! 

Plus, you can bet that, 
in the end, well be affecting a 
lot of objects. Our design for 
network communications 
better be as simple as 
possible. 
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RMI makes life easy 


You want your objects to communicate across a network. In other words, you want an object in 
one JVM to cause a method invocation on a remote object (i.e. an object in a different JYM) , but 
you want to pretend that you’re invoking a method on a local object. That’s what RMI gives you — 
the ability to pretend (almost) that you’re making a regular old local method call. 


What we want. 


I just want to call a method 
on this object, you know, a 
simple 、、 getCustbata ()〃 would be 
nice, I do NOT want to do a bunch 
of networking and 10. 


rm happy to do 
a little extra work up front 
so that remote clients can call 
my methods without having 
to know where I reside. 


o 





How RMI pulls it off 


Client 

Object 



Server 

Object 


Let’s say your “business guy” hat is on, and you want to make an object available to remote 
clients. Using RMI, you’ll create a proxy and you’ll register your object with some sort of 
registry. Any client who wants to call your methods will do a lookup on the registry and get a 
copy of the remote proxy. Then the client will make calls on the remote proxy, pretending it’s 
the real thing. The remote proxy (called a stub), handles all the communications details like 
sockets, I/O streams, TCP/IP, serializing and deserializing method arguments and return 
values, handling exceptions, and so forth. 

(Oh, by the way, there’s usually a proxy on the server side (often called a “skeleton ”)， doing 
similar chores on the server side where the remote object lives.) 


An RMI miracle occurs... 


getCustData() 




Skeleton 


Server 

Object 


The client machine 


T\\t Vcmotc fv-o%y w 


The server machine 


TKcvc av-c 1> versions 

o( ytCus 七 Da*ta()! 

The vc 眯 o*tc 

*tKc skclc-to^s and 
sevve/s, v/K*idV> 

•is veal <wc. 
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Just a little more RMI review 

Without doing an entire RMI tutorial,* we’ll look at a few more high level 
RMI topics to make sure we’re all talking the same talk. Specifically, we’ll 
look at the server side and client side of using RMI. 


RMI on the Server side in 4 steps 

(An overview of the steps to make a remote model 
service that runs on the server.) 

Create a remote interface. This is where the signature for methods 
like getCustData() will reside. Both the stub (proxy) and the actual 
model service (the remote object) will implement this interface. 

Create the remote implementation, in other words, the 
actual model object that will reside on the model server. This 
includes code that registers the model with a well-known registry 
service such as JNDI or the RMI registry. 

Generate the stub and (possibly) skeleton. RMI provides a compiler 
called rmic that will create the proxies for you. 

Start/run the model service (which will register itself with the 
registry and wait for calls from far-away clients). 

The client side, with and without RMI 

Let’s compare the pseudo-code of a client using RMI to the 
pseudo-code of a client NOT using RMI. 


① 

② 

③ 

④ 


The client without RMI 


public void goClient() { 

try { 

// get a new Socket 

// get an OutputStream 
// chain it to an Obj ectOutputStream 

// send an opcode & op arguments 
// flush OS 

// get the InputStream 
// chain it to an ObjectlnputStream 

// read the return value and/or 
// handle exceptions 

// close stuff 

} // catch and handle remote exceptions 


The client with RMI 

public void goClient() { 

try { 

// lookup the remote object (stub) 

// call the remote object's method 
} // catch and handle remote exceptions 


*lf you aren’t really familiar with RMI, drive to your local bookstore, 
pick up (but don’t buy) a copy of Head First Java, and just read 
the sections on RMI. Then put the book back on the shelf, face 
forward, in front of the competing book of your choice. Make 
sure that the cover is dusted and don’t spill coffee on it. 


you are here ► 749 


using a remote model 


Adding RMI and JNP1 to the controller 

Let’s focus on what we need to do to keep Rachel’s life as simple 
as possible. In other words, what impact does adding JNDI and 
RMI have on the controller? 

3 steps to using a remote object 

Kim, the model guy, registers his model 
component with the JNDI service. 


When Rachel’s controller gets a request, the 
controller code does a JNDI lookup to get the 
stub proxy for Kim’s remote model service. 


Stub 


The controller makes business method calls 
against the stub, just as though the stub were 
the actual model object iself. Almost... 


t=3 



Manage 

Orders 

Stub 


JNDI 

Server 



Stub 
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Sure, the method calls are pretty 
close to what I was doing before when the 
model was local, but I still have to change 
the Controller code to put in the whole JNDI 
lookup. I was hoping for something that would 
let me use the same Controller regardless of 
whether the model is local or remote. 


t^^rpen your pencil 


How can this design 
be improved? 

1 - What are the problems with this design (list at least two)? 

2 - How might you change this design to handle those problems? 




C 



Problems: 


Solution: 
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How about a "go-betwcew" object? 

A common solution to the design problems we left you with is 
to create a new object — a single, “go-between” object for the 
controller to talk to rather than having the controller deal directly 
with the remoteness of the remote model. 

Problem 1: Hide the complex JNDI lookup 

If Rachel’s controller lets a “go-between” object handle the JNDI 
lookup, the controller code can stay simpler, free from having to 
know where (and how) to look up the model. 

Problem 2: Hide “remote-ness complexity” 

If the “go-between” object can handle talking to the stub, 

Rachels’ controller can be shielded from all the remote issues 
including remote exceptions. 



JNDI 



Models 


Service 

Manage 

Customer 


Entity 



Customer 
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The "go - betwW is a Pusmcss Pckgafg 

Let’s take a look at the pseudo-code for a typical Business Delegate, and 
at how Business Delegates tend to be deployed in the web container. 

Notice that there will be LOTS of Business Delegates on the web tier. 

A Business Delegate’s pseudo-code 

// get the request and do a JNDI lookup 
// get back a stub 

// call to the business method 
// handle & abstract any remote exceptions 
// send the return value to the controller 



jharpen your pencil 


Uh-oh. Duplicate Code Alert 


(Describe where the duplicate 
code exists and how you 
could solve that problem.) 
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service locator 


Simplify your business delegates 
with the Service Locator 


Unless your Business Delegates use a Service Locator, they 
will have duplicate code for dealing with the lookup service. 

To implement a Service Locator, we’ll take all of the logic 
for doing the JNDI lookup and move it out of the multiple 
Business Delegates and into a single Service Locator. 

Typically in J2EE applications, there will be a number of 
components that all use the same JNDI service. While a 
complex application might use several different registries 
such as JNDI and UDDI (for web service endpoints), an 
individual component will typically need access to only one 
registry. In general, a single Service Locator will support a 
single, specific registry. 

By making the Business Delegate an object that handles 
only the business methods rather than also handling the 
registry lookup code, you increase the cohesion for the 



A Service Locator’s 
pseudo-code 

// obtain an InitialContext object 
// perform remote lookup 
// handle remote issues 
// optionally, cache references 
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Dumb Questions 


This whole discussion has assumed RMI; what if 
our company is using CORBA? 


A • 

All of the patterns we’re discussing can be 
implemented more or less independently of J2EE 
technologies. Admittedly, they will be easiest to 
implement in J2EE, but they do apply to other situations. 


A: 


Is the same thing true for JNDI? 


Well, there ore other Java-related registries 


besides JNDI 一 RMI and Jini come to mind. Of those 


three, JNDI is probably the best choice for most web 
apps, it’s easy and powerful. (Although the authors 
would personally love to see Jini take its rightful place in 
the distributed world.) You might also be dealing with 
non-Java registries like UDDI. In any case, the patterns 
will still work, even though the code changes, of course. 


It seems like these patterns are forever adding 
a new layer of objects to the architecture. Why is this 
approach so common? 


A • 

You’re right that this is a common part of a lot 
of patterns. Assuming that your design is good, think 
about the software design benefits inherent in this 
approach... 


A: 


OK, well, cohesion comes to mind... 


Right! Both the Business Delegate and the 


Service Locator increase the cohesiveness of the 
objects they support. Another driving force is network 
transparency. Adding a layer often shields existing 
objects from being network aware. Then of course, 
closely related to cohesion is separation of concerns. 




Separation of concerns buys me...? 


A I 

Let’s take the Service Locator as an example. In 
the event that your registry gets a new network address 
and/or registry interface, it’s far easier to modify a single 
Service Locator than change a whole flotilla of Business 
Delegates. In general, separation of concerns buys us a 
lot of flexibility and maintainability. 


o ： 

In your examples so far, you've taken POJOs 
that were local, and made them remote. Isn't it more 
likely that V\\ be faced with integrating existing EJBs 
into my web app? 


By POJOs, we assume you mean "Plain Old 
Java Objects”, of course. And yes, it is likely that you’ll 
be integrating EJBs into your app. And in fact that’s 
yet another reason to use these two patterns... your 
controller (and view) should never have to care whether 
the model is a local JavaBean, a remote POJO, or an 
enterprise Java Bean (EJB). Without using ServiceLocator 
and Business Delegate, that difference means a lot — 
enterprise beans and plain old remote objects don’t use 
the same lookup code! 

Using these patterns, you can encapsulate the issues 
related to how and where the model is discovered and 
used, and keep the controller happy and clueless, so 
that you won’t have to change your controller code 
when the business guys change things and move things 
around on the business tier. You’ll update only the 
Service Locator and (possibly) the Business Delegate. 
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Protecting the web designer's JSPs 
from remote model complexity 

By using the Business Delegate and Service Locator patterns, 
we’ve got Rachel’s controllers protected from the complexities of 
remote model components. Now let’s see if we can do the same 
for the web designer’s JSPs. 

Quick review of the old non-remote way — the 
JSP uses EL to get info from the local model. 

This diagram should look familiar from earlier in the chapter. 
The JSP gets the bean reference from the request object (step 3), 
then calls getters on the bean (step 4). 




DB 


Legacy 

Database 


1 Having received a request 
for customer information, 
the Controller calls the 
ManageCustomer model 
component. The model 
component does a remote call 
to the legacy database, then 
creates a Customer bean, 
populated with customer data 
from the database. 

2 The Controller adds the 
Customer reference to the 
request, as an attribute. 

3 The controller forwards to 
the View JSP. The JSP gets a 
reference to the Customer bean 
from the request object. 


${customer.name} 

4 The View JSP uses EL 
to get the Customer Bean 
properties it needs to satisfy the 
original request. 
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Compare the local model diagram to 
this remote model diagram 


Don’t 

Panic! 


The shaded area in this diagram should look a 
LOT like the previous diagram, especially if you 
remember that the Business Delegate is pretending 

to be the Manage Customer model. 



EL c%pvcss*ior\s aym … （ yes, y ou CAN use 
EL aja'ms*t s-tub ； assurnm^ *tKc busmess 
Kas JavaBca^-stylc yiitrs). 


r>c*t>wovk dal I is 
1000 jimes as 
as a lo^al method dall! 


Legacy 

Database 


A 6-step review: 

1 Register your services with JNDI. 

2 Use Busines Delegate and Service Locator to get 
the Manage Customer stub from JNDI. 

3 Use the Business Delegate and the stub to get the 
“Customer Bean”, which in this case is another stub. 
Return this stub’s reference to the controller. 


4 Add the Customer stub reference to the request. 

5 The controller forwards to the View JSP. The JSP 
gets a reference to the Customer bean (stub) from the 
request object. 

6 The View JSP uses EL to get the Customer Bean 
properties it needs to satisfy the original request. 

BIG NOTE: Every time the JSP invokes a getter, 
the Customer stub makes a network call. 
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JSPs and remote beans 


There's good news and bad mm... 

The previous architecture succeeds in hiding complexity from both the 
controllers and the JSPs. And it makes good use of the Business Delegate and 
Service Locator patterns. 

The bad news: 

When it’s time for the JSP to get data, there are two problems, both related to the 
fact that the bean the JSP is dealing with is actually a stub to a remote object. 

1 - All those fine-grained network calls are likely to be a big performance hit. 

Think about it. Each EL expression triggers a remote method invocation. Not only 
is this a bandwidth/latency issue, but all those calls cause the server some problems 
too. Each call might lead to a separate transaction and database load (and possibly 
store!) on the server. 

2 - The JSP is NOT a good place to be handling exceptions that might occur if the 
remote server crashes. 

Why not have the JSP talk to a plain old bean 
instead of a stub? 


If you want the JSP to talk to a JavaBean, where 
will this bean come from? 


蠢 


A 

Well, it used to come from the local model/service 
object, so why not have it come from the remote model/ 
service object? 




How do you get a bean across the network? 


A • 

Hey, as long as it’s serializable, RMI has no problem 
sending an object across the network. 




So what would this buy us again? 


A • 

First of all, we’d have one big network call instead of 
a lot of little ones. Second, since the JSP would be talking 
to a local object, there’d be no remote exceptions to worry 
about! 


Wait a minute... I see a little problem here. Or 
maybe a big problem — if you’re using a bean on the 
client side, doesn’t that bean’s data become stale the 
moment it's sent? 


A I 

Yes, you’re right, and this IS a trade-off: 
performance vs. how current the data is. You have to 
decide which makes sense based on your requirements. If 
the data used by your view component must absolutely, 
positively, represent the current state of the database at 
all times, then you need a remote reference. For example, 
if you make three calls, say, getNameO, getAddressO, and 
getPhoneO on customer, you’ll probably decide that this 
information doesn’t change rapidly enough to make it 
worth going back to the database (via the remote object) 
just in case the customer’s phone number changed IN 
BETWEEN the call to getNameO and getAddressO. 

On the other hand, you might decide that in a highly 
dynamic environment, where a customer is making 
transactions 24/7, you DO need to show the most up-to- 
date info. Sending a JavaBean back for the client means 
the View would have a snapshot of the database at the 
moment the bean was populated, but since the bean has 
no connection to the database, the data begins to go stale 
immediately. 
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Time for a Transfer Object? 


If it’s likely that a business service might be asked to send or receive all or most of 
its data in a big, coarse-grained message, it’s common for that service to provide 
that feature in its API. Commonly, the business service creates a serializable Java 
object that contains lots of instance variables. Sun calls this object a Transfer 
Object. Outside of Sun there is a pattern called Data Transfer Object. Guess what? 
They’re the same thing. (Yeah, we feel the same way about that.) 



Business 

Delegate 


o 


Manage 

Customer 

Stub 



getCustPataO -- > 





Serialized 

Transfer 

Object 



Remote 

Server 


Manage 

Customer 


Oust a C 


Revest Tva^cv 
i\\t stub. 


createCust() 
deleteCust() 


The client’s perspective, inside 
the Business Delegate: 

TV^C Object 

try { sC 

Customer c = custStub•getCustData(custID) 

} catch (RemoteException re) { 

throw new CustomerException(); ^ ^ , L . . 

Lat ^ h ^rwotc cx^eptiohs ahd w^af 

tliCrw ih a highev- level CX^cptioh. 

That’s it. Under the covers, the Transfer Object is serialized, shipped, and 
deserialized on to the client’s local JVM heap. At that point, it is just like any 
other local bean. 


getCustData() 
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service locator vs. business delegate 


ScrVICG LOCafOr* ftWtl ^USIliGSS Pelegftfe Listen in as our two black-belts debate which 

both simplify model components pattern is better — Service Locator or Business 

Delegate. 


Service 

Locator 



Business 

Delegate 


Service Locator is the superior pattern. First of all, 
unlike the Business Delegate, one Service Locator 
instance can support an entire application tier. 


Service Locator is more efficient with network calls. 
It can cache references to stubs or service stubs once 
it has located them, reducing network traffic for 
subsequent calls. 


Heavy burden? Your simple business data does not 
impress me. 


Ah, maybe programmers do benefit, but your simple 
pattern seems to forget that it often exists in a network 
environment. It will make many calls to business 
services with no restraint, no consideration for the 
overhead of remote calls. 


Yes, yes, your weak pattern needs assistance, we all 
know that. But when you partner with a Transfer 
Object other demons can haunt you... you haven’t 
forgotten your little problems with data staleness and 
concurrency, have you? 


That’s true, but Service Locator needs to talk to only 
one remote entity. Business Delegate must handle many 
entity objects. 


With much respect, you are forgetting that 
Service Locator has a much easier task. The 
Business Delegate must carry the heavy burden of 
communicating with a dynamic object, whose data 
might change at any moment. 

A Business Delegate gives web application 
programmers much more benefit than your Service 
Locator. 


Ah ha! The Business Delegate is not ashamed to 
form an alliance with the Transfer Object! Working 
as a team, they help the programmer AND minimize 
remote calls. 


No, I haven’t forgotten. But when these issues come 
up they can be solved. You cannot expect to achieve 
great things without a little extra effort... nothing in 
J2EE is ever black and white. 


760 chapter 14 








patterns and struts 


business tier patterns: quick review 


To wrap up our discussion of business tier patterns, here’s a 
diagram that shows a Business Delegate, a Service Locator, 
and a Transfer Object in action. At the end of the chapter 



2 Use Business Delegate and Service 
Locator to get the Manage Customer stub 
from JNDI. 

3 Use the Business Delegate and the 
stub to get the “Customer Bean”, which 
in this case is a Transfer Object. Return 
this Transfer Object’s reference to the 
controller. 


5 The controller forwards to the View JSP. 
The JSP gets the reference to the Customer 
Transfer Object bean from the request object. 

6 The View JSP uses EL to get the Customer 
Transfer Object Bean’s properties it needs to 
satisfy the original request. 
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MVC app 


Our very first pattern revisited... MVC 


As luck would have it, the very same pattern we’ve been using in 
the book is on the exam. The last two patterns we’re covering 
are presentation tier patterns, as was the Intercepting Filter. 

First we’ll pick up where we left off talking about MVC. That 
discussion will lead us into Struts and finally Front Controller. 

Where we left off... 


MODEL 

Holds the real business logic and the 
state. In other words, it knows the 
rules for getting and updating state. 


Let’s do a quick review of where 
we left off in chapter 2. 


A Shopping Cart’s contents (and the 
rules for what to do with it) would be 
part of the Model in MVC. 

It’s the only part of the application 
that talks to the database. 


CONTROLLER 

Takes user input from the request 
and figures out what it means to 
the model. 


Tells the model to update itself, 
makes the model state available 
for the view (the JSP) and 
forwards to the JSP. 


Scvvlci 




Controller 




View 


VIEW 

Responsible for the presentation. It 
gets the state of the model from the 
Controller (although not directly; the 
Controller puts the model data in a 
place where the View can find it). 


Off Track ： GFUI MVC vs Web MVC 

MVC existed before the World Wide Web 
came along. In its first incarnation, MVC was 
a design to simplify complex GUI applications. 
First created in Smalltalk, one of MVCTs chief 
attributes was that the View would be notified 
automatically of changes to the Model. 

More recently, MVC has been used on the 
web, even though the View is in the browser 
and cannot be automatically updated when the 
Model changes in the web tier. Our focus is 
entirely on the web version of MVC. 

Finally, we’re always talking about MVC, 
model 2, never the older Model 1 or 1.5 
MVGs. 
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MVC m a real web app 


Way back in chapter two, we left you with a “Flex your mind” exercise about potential 
problems with our Dating App MVC architecture. Let’s review where we left off and 
get around to answering the question that’s certainly been haunting you for all these 
chapters: what could possibly be better than MVC? 

For each browser use case, there will be a corresponding set of Model, View, and 
Controller components, which might be mixed and matched and recombined in many 
different ways from use case to uses case. 


The problem we had in the dating app was that we had many specialized controllers, 
which sounded good from an OO perspective, but left us with duplicate code across 
all the different controllers in our app, and didn’t give us a nice happy feeling about 
maintainability and flexibility. 

A single MVC app will have many models, views, and controllers. 


Use cases 


/iJpdateN 
l Address 、 


Controller 


Model 


Manage 
Customer 


Print 
Statement 


I hate the way my 
MVC app has so many 
different controllers, with all the 
duplicate code... but I don’t want 
to go back to one monolithic 
massive servlet handling all the 
different use cases... 


And seriously, take a close look 
at that controller code. Ifs all over 
the place, handling requests, dealing 
with the model, dispatching, forwarding, 
I mean—just what IS the controllers 
job?? A controller doesiVt look very 
cohesive to me. 




o 


a 
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the MVC controller 


Looking at the MVC controller 

Let’s see if we agree with what’s been said about controllers. First, 
a reminder about the controller servlet’s job: 


Pseudo-code for a generic MVC controller 

public class ControllerServlet extends HttpServlet 
public void doPost(request, response) { 

① String c = req. get Parameter (''startDate^); 

// do a data conversion on the date parameter 


// validate that date is in range 


// if any errors happen in validation, 

// forward to hardcoded ''retry” JSP 

// invoke the hardcoded model component(s) 

// add model results to the request obj. 

// (maybe a reference to a bean) 

// dispatch to the view JSP 
// (of course it's hard coded) 


Deal with the 

request parameters 


Deal with the model 


Deal with the view 


—i^^irpen your pencil 


What principles does this 
component violate? 

List three or more software design principles 
this pseudo-code violates. 
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Improving the MVC controllers 

Besides a lack of cohesiveness, the controller is also tightly 
coupled to the model and the view components. And there’s yet 
another Duplicate Code Alert here. How can we fix things? 



The controller’s 
three main tasks 

A better way to 
handle it? 

① 

Get and deal with the 

request parameters 

Give this task to a separate form validation component that can get 
the form parameters, convert them, validate them, handle validation 
errors, and create an object to hold the parameter values. 

② 

Invoke the model 

Hmmm... we don’t like hard-coding the model into the controller, so 
maybe we could do it declaratively, listing a bunch of models in our 
own custom deployment descriptor that the controller could read 
and, based on the request, figure out which model(s) to use. 

③ 

Dispatch to the View 

Why not make this declarative as well? That way, based on the 
request URL, the controller can tell (from our custom deployment 
descriptor) which view to dispatch to. 


New and (shorter) controller pseudo-code 

public class ControllerServlet extends HttpServlet { 

public void doPost(request, response) { 

// call a validation component declaratively 
// (have it handle validation errors too!) 

// declaratively invoke a request processing 
// component, to call a Model component 

// dispatch to the view JSP declaratively 


This looks great 
to me! ril feel a lot less 
schizophrenic if I*m 
designed this way. 


o 

o 



Controller 
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designing our fantasy controller 

Let’s do another one of our now-infamous 
architectural diagrams to see what this controller 
and its support components might look like. 




Request 



Declare 

Mappings 

XML 



Form 

Validation 

Component 


Controller 



Having received a request, the Controller 


Request 

Action 

Component 


locates the correct Form Validation 
Component in the Declarations XML file. The 
Controller invokes the Form validator, sending it 
the request. If the validator finds any errors, it 
tells the controller which view to return. 



Model 


2 Using the Declarations XML file, the 
Controller locates and invokes the Request 
Action Component component, which invokes 
the model. 

3 Using the Declarations XML file, the 
Controller locates and invokes the View. 


View 


Wait a minute... 

Ive seen this before. 
Youre trying to disguise 
STRUTS! 


o 

Q 



Controller 
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Yes! Ifs Struts m a nutshell 


Obviously this is an overview, and we’ve left out pretty much 
all of the details, but this is the basic idea behind the Struts 


framework. Let’s look at a few more details, starting with the 
fact that we’ve changed all the names... 



Key Struts Components 

Action Servlet - You’ll need only one of these per application. 
Best of all, you don’t even have to write it, Struts provides it. 



View 


Form Beans - You’ll write one of these for each HTML form 
your app needs to process. They are Java beans, and once the Struts 
Action Servlet has called the setters on the form bean (to populate 
the bean with form parameters), it will call the bean’s validate() 
method. This is a great place to put data conversion and error 
handling logic. 

Action Objects - Generally, an action maps to a single activity in 
a use-case. It has a call-back-like method called execute (), which 
is a great place to get the validated form params, and call model 
components. Think of the Action object as kind of a “servlet lite”. 

struts-config.xml - This is the Struts-specific deployment 
descriptor. In it you’ll map: request URLs to Actions, Actions 
to Form beans, and Actions to views. 



Controller 
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Is Struts a cowtamcr? 

Officially, Struts is considered a framework. 

Frameworks are collections of interfaces and classes that 
are designed to work together to handle a particular type 
of problem. In the case of Struts, the problem space is web 
applications. The goal of a framework is to “aid programmers in 
the development and maintenance of complex applications”. 

So, Struts isn’t a container, but in some ways it acts like one. 

Top five ways Struts is like a 
servlets container 

1 Declarative: They both use an XML file to 
configure the application declaratively. 

2 Lifecycle: They both provide lifecycles for 
predetermined types of objects. 

3 Callbacks: They both perform automatic 
callbacks of key lifecycle methods. 


I feel an analogy coming 
on... youve said Struts has 、、 call- 
back” methods and a deployment 
descriptor. So is Struts like a 
mini-container? 


o 





4 APIs: They both provide APIs for key types of 
objects that are supported. 

5 Application Control: They both provide a 
controlled environment in which your application runs. 
They are your application’s window to the outside world. 


o 

O 


# There is nothing about Struts on 

么擊狀 fhe exam! 

You ARE expected to know the purpose 
and function of a Front Controller (and Struts is just a 
tricked-out Front Controller), but you will not have any 
questions about the Struts framework. So, you can 
relax and follow along without having to memorize 
every picky detail. 


In Struts, Ive 
been promoted to 
''Action Servlet". Sometimes 
rm also referred to as a Front 
Controller. (Thafs on the 
exam, by the way.) 


o 

o 



Action 


Servlet 
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How does Frowt Controller fit iw? 


Oh yeah. Front Controller is another J2EE pattern, and it just happens to be on the exam. 
Actually, Struts is a really fancy example of using a Front Controller pattern. The basic 
idea of the Front Controller pattern is that a single component, usually a servlet but possibly 
a JSP, acts as the single control point for the presentation tier of a web application. With the 
Front Controller pattern, all of the app’s requests go through a single controller, which handles 
dispatching the request to the appropriate places. 

In the real world, it’s rare to implement a Front Controller all by itself. Even a really simple 
implementation usually includes another J2EE pattern called an Application Controller. 
Struts includes a class called the RequestProcessor, which is ultimately responsible for the 
handling of HTTP requests. 

Although the exam might contain questions about the Front Controller pattern, you’ll 
be fine if you remember the benefits of Struts, and the fact that Struts is simply a Front 
Controller with all the bells and whistles. 

Eight features that Struts adds to a Front Controller 

1 Declarative Control: Struts allows you to create declarative maps between request 
URLs, validation objects, model-invoking objects, and views. 

2 Automated Request Dispatching: The Action.execute() method returns a symbolic 
ActionForward which tells the ActionServlet which view to dispatch to. This provides another layer 
of abstraction (and loose coupling) between the controller and view components. 

3 DataSources: Struts can provide DataSource management. 

4 Custom Tags: Struts provides dozens of custom tags. 

5 Internationalization Support: Error classes and custom tags have 
internationalization support. 

6 Declarative Validation ： Struts provides a validation framework that removes the need 
to code the validate method in your form beans. The rules for validating a form are configured in 
an XML file and can be changed without affecting your form bean code. 

7 Global exception handling: Struts provides a declarative error handling mechanism 
similar to <error-page> in the DD. However, with Struts the exceptions can be specific to the 
application code in your Action object. 

8 Plug-ins ： Struts provides a Plugin interface with two methods: init() and destroy(). You can 
create your own plug-ins to enhance your Struts application, and they will be managed for you. 

For example, the Validator framework is initialized using a plug-in. 
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Refactoring the Peer app for Struts 

Enough theory, let’s write a Struts app. First off, let’s review 
our MVG Beer app from chapter 3. The only code that’s 
going to change when we refactor to Struts is related to the 
MVG controller. (The model and view are not affected.) 


Request ^ — ^Controller i Moder 

dZ! I ^ 


BeerSelect 


1 Having received a request, the Controller performs 
validation of the user form data. 

2 The Controller invokes the Model component. 

3 The Controller forwards to the View. 



BeerExpert 



result.jsp 


MVC controller code 
(from chapter 3) 

package com.example.web; 
import com.example.model.*; 
import javax.servlet.*; 
import j avax.servlet.http.*; 
import java.io.*; 
import java.util.*; 

public class BeerSelect extends HttpServlet { 
public void doPost(HttpServletRequest request, 

HttpServletResponse response) 
throws 工 OException, ServletException { 

String c = request. getParameter (''color^); 


BeerExpert be = new BeerExpert(); 
List result = be.getBrands(c); 


Ko*t a \oi o-f 

validation ov\ - 



RequestDispatcher disp = 

request. getRequestDispatcher ( 、 'result.jsp 〃）； 
disp.forward(request A response); 


pov-^av-d *to *tV^c Kav-dtodcd \/*c 
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The Struts teer app architecture 

Here’s the Beer app architecture, all done up in Struts... 


struts-config.xml 



BeerExpert 


1 Having received a request, the 
ActionServlet locates the correct form 
bean using the struts-config.xml file. The 
ActionServlet invokes the form bean’s validation 
logic. If the form bean finds any errors, it 
populates an ActionErrors object. 

2 Using the struts-config.xml file, the 
ActionServlet locates and invokes the Action 
object, which invokes the model and returns an 
ActionForward object to the ActionServlet. 

3 Having previously extracted the necessary 
mappings from struts-config.xml, the 
ActionServlet uses the ActionForward object to 
dispatch to the correct view component. 


result.jsp 


iAfell, 0 ^ Vicy/ 决 Will 决 
m a S^uts Y/ck ap\>. 

S^uts ? ^oV.acs a tWat 

? voV.dcs a <K^bc^o^rs/>, that 

d'is?lav s validator 

Jorl Also, tKc _L ^ 

Y>roM\Ats -tay i\>ai ^populate tKc 
-(*ov*w» oy\ 3^ cv-vov’ 
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A form bean exposed 

Remember, the form bean’s job is to validate 
the user’s form params. A nice benefit of 
Struts is that a validation step is built right 
into the architecture. 


Request 


<xml> 

<validate> 


</validate> 

i<mapping> 

</mapping> 

</xml> 


struts-config.xml 


package com.example.web; 

// Struts imports 

import org.apache.struts.action.ActionMapping; 
import org.apache.struts.action.ActionForm; 
import org.apache.struts.action.ActionMessage; 
import org.apache.struts.action.ActionErrors; 

import javax.servlet.http.HttpServletRequest; 

public class BeerSelectForm extends ActionForm { 




BeerSelectForm 


Action 

Object 


Beer Select Action 


result.jsp 


kedy\s mus*t 


Model 

BeerExpert 


private String color; 

public void setColor (String color) { 
this.color = color; 

} 

public String getColor() { 

return color; 

} 

private static final String VALID COLORS 



Usually, voull 曲七 7 。吖 ^ 
kcayvs -bo V^avc yttcv-s a^d scttcv-s 

-fo^r all *tV^c params. 


1 amber,dark,light,brown - 


public ActionErrors validate (ActionMapping mapping, 

HttpServletRequest request) 
ActionErrors errors = new ActionErrors(); 


if ( VALID 一 COLORS•indexOf(color) == -1 ) { 

errors • add (''color", new ActionMessage ( ''error. colorField.notValid^)); 


The A^*tio^Scv-vlrt ta\\s 

validatcf )• 

S-tv-uts pv-ovidcs 
A^*tioi^Ev-\ro\rs *bo 
V3lidld*Lio^ 

cv-\rov-s. 


return errors; 


The A 匕灼 &r\ro\r 匕 o 灼 stiru 匕 *to\r *takcs 

a *bha*t is d symbolic key m*to 

a \rcsou\r^c bundle- This is Aor\t *to 
-fadili-tatc m*bcv-^a*bio^ali23*tio^. 
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How aw Action object ticks 


The Action object is mainly a dispatcher. It is 
invoked by the ActionServlet, which calls the 
Action object’s executeQ method. 



package com.example.web; 

// Model imports 

import com.example.model.*; 

import java.util.*; 



result.jsp 


// Struts imports 

import org.apache.struts.action.Action; 
import org.apache.struts.action.ActionMapping, 
import org.apache.struts.action.ActionForm; 
import org.apache.struts.action.ActionForward, 

// Servlet imports 

import javax.servlet.http.HttpServletRequest; 
import javax.servlet.http.HttpServletResponse 

k 

public class BeerSelectAction extends Action 




MUST 
oti Mass. 


ScA W SO 

Y/e *tV^c 七 v,cy, * 


public ActionForward execute(ActionMapping mapping, ActionForm form. 


HttpServletRequest request, 
HttpServletResponse response) 

// Cast the form to the application-specific form 
BeerSelectForm myForm = (BeerSelectForm) form; 


Pv-ovidcs adless *to the 
vdlidd'ted usev- -foirm 


// Process the business logic 
BeerExpert be = new BeerExpert (); 

List result = be. getBrands(myForm.getColor()); 


// Forward to the Results view 
// (and store the data in the request-scope) 
request. setAttribute (''styles” ， result); 
return mapping.findForward(''show results"); 



3 usev 

*to *thc model 



The method \rc*bu\r^s 

A^t«o^Fo\ry/av-d *bo the 
*bha*t div-c^*b Stv-uts -to dispatch -to the 
的 C 乂七 appv-op\ria*tc View. These symbolic 
u -fo\rv/av-ds w av-c dctlav-cd m -the s-tv-uts- 

乙 Oirvfij . 乂你 I -file- 
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struts - cowfig.xml: 
tying it all together 

The struts-config.xml file is analogous to 
the DD. You can actually call it whatever 
you want, although struts-config.xml is 
its conventional name. Similar to the DD, 

J Request 

this file is where you’ll declare and map 
Struts components in your web app. This 
mechanism helps your application become 
more loosely coupled. 



l3 


result.jsp 


<?xml version= 〃 l•0 〃 encoding= 〃 ISO-8859-l 〃 ?> 

<!DOCTYPE struts-config PUBLIC 

''-//Apache Software Foundation//DTD Struts Configuration 1.3//EN” 
''http://struts.apache.org/dtds/struts-config 1 3.dtd’’> 


<struts-config> 

<form-beans> 

<form-bean name: 

type ： 

</form-beans> 


selecjtBeer Form- 

corn. example.web.BeerSelectForm" /> 



<action-mappings> 

〈action path="/SelectBeer 

type= 〃 com•example.web.BeerSelectAction 
name= 〃 selectBeerForm 〃 scope=〃request 
validate=’’true" input 二 ’’/form, j sp’’> 




〈forward name =〃 show—results" 
path=’’/result • j sp’’ /> 

</action> 

</action-mappings> 


The <-fo\rm-bca^> element declares the 

symbol id 的 amc ^Idss o( d 

object 


URL path 

*to *thc do^*t\rollcv ddss; that 
the .do extension *fo\r path is HOT 
’mduded m the S*t\ru*b do^-fi^uv-atio^. 

The <a^*tio^> also asso^ia*bes a -fov-m bca 灼 
— y/i*th the a 匕七 | 。灼 . This is spe^i-f ied by the 
symbolic \)t^Y\ S*t\ru*ts will 匕 

this \)t^Y\ Bv\d s*to\rc i*t m the spedi-f ied sdopc. 
|-f validd'kio^ ott^s cv-\ro\rs a\rc 

-from the v/alidate method, the mpu 七 
a*t*t\ribu*bc dcda\res the View \rcspo^siblc (or 
disf>laym3 the C\rv-o\r message ； this is usually 
the -fov-m that submitted this a^tio^. 


The <-fo\rwav-d> element ^v-catcs a mapping between 
•the symbolic view yxBwxc, used by the f[thov\ object, 

a^d the physidal path *to -the view 匕 ompo 灼 c 灼 *t. 


<mes sage-re sources par ameter =,, Appli cat ionRe sources^ / > 
</struts-config> 
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Specifying Struts m the web.xml VV 

As far as the Container is concerned, the ActionServlet is just 
another servlet. So, you have to declare it and make sure all 
of the web app’s requests are mapped to it. 


<web-app xmlns=’’http : //j ava . sun . com/xml/ns/j 2ee" 

xmlns : xsi= 〃 http:/ / www.w3.org/2001/XMLSchema-instance^ 

xsi : schemaLocation=’’http : //java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 

version= 〃 2•4〃> 


< 



hlan\\y\^ the U Fv-o^*tCo^*t\rollcv- W 

is^*t but i*bll help you 

i*ts fuv-posc m the app- 


<servlet> 

< s e rvle t-name >FrontController< / servlet-name> 

<servlet-class>org.apache.struts.action•Actionservlet</servlet-class> 


The mi-t pavam tells 

y/hcv-c *to -fmd Stv-ut -file- 

<param-value>/WEB-INF/struts-config.xml</param-value> 

</init-param> 


<! 一一 Name the struts configuration file --> 
<init-param> 

<param-name>config</param-name> 



<!-- Guarantee that this servlet is loaded on startup.--> 


<load-on-startup>l</load-on-startup> 

</servlet> 



<!-- The Struts controller mapping --> 
<servlet-mapping> 


The A^*tio^Sc\rvlc*b has a Complex 
•mit method ； you bc*t*tc\r load this 
scv-vlct at s-tav-bup. 


<servlet-name>FrontController</servlet-name> 
<url-pattern>*.do</url-pattern> 

</servlet-mapping> 

<!-- END : The Struts controller mapping --> 



</web-app> 


Wow I This oy\C scv-vlct is jo'mj *to 
handle f[LL ihis apps v-c<\ucs-ts 
(assum'm^ you name -the v-c^ucs*t 
URLs v/ith a 'do” wbc 灼 sio 灼 ). 


You should naine 
the Struts DD 

“struts-config _xrn I” 

And if you do NOT, then in your web.xml DD, 

V ou MUST declare an init-param config , 

i define the name of the Struts DD, Jf= 

DO use the name struts-config.xml, hen 
Struts will find it automatically, w „ n 
init-pammeter，but it’s still considered good 
practice” to declare it in the DD. 
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Install Struts, awd Just Ruw It! 

Installing Struts is simple. 

The links and versions mentioned on this page were current at the 
time of this writing. Which is no help at all for you, but means 
simply: we have no idea what things will be like by the time you read this, 
but we gave it our best shot anyway. 

Six easy steps to installing Struts 

Crank up your browser and navigate to: 

http : //struts.apache.org/downloads.html 

From the General Availability list, click on the latest Struts vl.3.* link: 

Choose the JAR file you desire. The smallest JAR is the library-only version: 

struts-1.3.8-lib.zip 

Download the zip file to a temporary directory. 


© 

© 

④ 


© 


Unzip the file which unpacks to: 

struts-1.3.8/ 

NOTICE.txt 
lib/ 

struts-core-1.3.8.jar 
struts-taglib-1.3.8.jar 
commons-beanutils-1.7.0.jar 
commons-digester.jar 
commons-chain-1.1.jar 




Copy the five JAR files listed in step 5 to the webapp’s 

WEB-INF/lib/ directory: 




FYI: make sure that there is a copy of Struts core JAR file in 
your classpath when you compile your form beans and action objects. 
(Remember, the ActionServlet front controller is created for you 
automatically.) 
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example 




commons- 

beanutils.jar 


commons- 

chain.jar 


0010 0001 
1100 1001 
0001 0011 
0101 0110 


struts-core.jar 


struts-taglib.jar 


BeerSelectAction.class BeerSelectForm.class BeerExpert.class 


ncse m ^ L ° 代 

W 6 。州一 

|»bvav»cs used by 孓七 ' 


0001 0011 
0101 0110 


0010 0001 
1100 1001 


0101 0110 


0010 0001 
1100 1001 
0001 0011 


Optional 



errors.h 
error.<u 


ApplicationResources 

.properties 


0010 0001 
1100 1001 
0001 0011 
0101 0110 


0010 0001 

1100 1001 

0001 0011 

0101 0110 


0010 0001 

1100 1001 

0001 0011 

0101 0110 


0010 0001 

1100 1001 

0001 0011 

0101 0110 







</webapp> 


web.xml 






Creating the deployment GHvirowmcwt 


This is the directory structure you will create to run the 
Struts version of the Beer app. 


you’ll dveate ov\t -these i-f you y/a 的七 
to *m*tc\nr\a*tio^aliz^ displayed 

to you\r usev-. Ra*t^cv- hard— 
todc cv-v-ov o\r o*thcv- S*t\r*mjs 

fov display, you t^Y\ use a resources 
pv-opcv-*tics -file *to provide key/value 
d 灼 d m youv JSP, you da 灼 
invoke a special (or -the key, 
the mapped will be displayed- 


tomcat m 

^ I 







<% .. 


<% .. 

... %> 


... %> 


form.jsp 


resultjsp 


1 1 1 o 
V o o 1 1 
o o o 1 
o 1 o o 

o o 1 1 
1 o o o 
o 1 o 1 
o 1 o o 
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business delegate 


Patterns review for the SCWCP 

We’ve covered a lot of patterns in the last two chapters. 

The next few pages pull together a lot of the details 
you’ll want to study for the SGWGD exam. 

Pusmess delegate 

Use the Business Delegate pattern to shield your 
web tier controllers from the fact that some of 





— Business Delegate features - 

■ Acts as a proxy, implementing the remote service’s 
interface. 

■ Initiates communications with a remote service. 

■ Handles communication details and exceptions. 

■ Receives requests from a controller component. 

■ Translates the request and forwards it to the business 
service (via the stub). 

■ Translates the response and returns it to the 
controller component. 

■ By handling the details of remote component lookup 
and communications, allows controllers to be more 
cohesive. 


Business Delegate principles - 

■ The Business delegate is based on: 

■ hiding complexity 

■ coding to interfaces 

■ loose coupling 

■ separation of concerns 

■ Minimizes the impact on the web tier when changes 
occur on the business tier. 

■ Reduces coupling between tiers. 

■ Adds a layer to the app, which increases complexity. 

■ Method calls to the Business Delegate should be 
coarse-grained to reduce network traffic. 
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Service Locator 


Use the Service Locator pattern to perform 
registry lookups so you can simplify all of 
the other components (such as Business 
Delegates) that have to doJNDI (or other 
registry types) lookups. 



Business 

Delegate 






JNDI 

Server 



JNDI 


Service Locator features —— 

Obtains InitialContext objects. 

Performs registry lookups. 

Handles communication details and exceptions. 

Can improve performance by caching previously 
obtained references. 

Works with a variety of registries such as: 

JNDI, RMI, UDDI, and COS naming. 


— Service Locator principles - 

■ The Service Locator is based on: 

■ hiding complexity 

■ separation of concerns 

■ Minimizes the impact on the web tier when remote 
components change locations or containers. 

■ Reduces coupling between tiers. 
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Transfer Object 


Use the Transfer Object pattern to 
minimize network traffic by providing 
a local representation of a fine-grained 


remote component (usually an entity). 


Manage 

Customer 



Transfer Object functions - 

Provides a local representation of a remote entity 
(i.e., an object that maintains some data state). 

Minimizes network traffic. 

Can follow Java bean conventions so that it can be 
easily accessed by other objects. 

Implemented as a serializable object so that it can 
move across the network. 

Typically easily accessible by view components. 


— Transfer Object principles - 

■ The Transfer Object is based on: 

■ reducing network traffic 

■ Minimizes the performance impact on the web tier 
when remote components’ data is accessed with 
fine-grained calls. 

■ Reduces coupling between tiers. 

■ A drawback is that components accessing the 
Transfer Object can receive out-of-date data, because 
the Transfer Object’s data is really representing state 
that’s stored somewhere else. 

■ Making updatable Transfer Objects concurrency-safe 
is typically complex. 
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Intercepting Filter 

Use the Intercepting Filter pattern to modify 
requests being sent to servlets, or to modify 
responses being sent to users. 



/hi 111rrv^ 

Client 


cd*b 


^e lavt>a,a ^ a se,vle*t 



Filter 


f Atcvs avc 






一 Intercepting Filler functions - 

■ Can intercept and/or modify requests before they 
reach the servlet. 

■ Can intercept and/or modify responses before they 
are returned to the client. 

■ Filters are deployed declaratively using the DD. 

■ Filters are modular so that they can be executed in 
chains. 

■ niters have lifecycles managed by the Container. 

■ Filters must implement Container callback methods. 


— Intercepting Filter principles - 

■ The Intercepting Filter is based on: 

■ cohesion 

■ loose coupling 

■ increasing declarative control 

■ Declarative control allows Filters to be easily 
implemented on either a temporary or permanent 
basis. 

■ Declarative control allows the sequence of invocation 
to be easily updated. 
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MVC pattern 


Model, View, Controller (MVC) 

Use the MVC pattern to create a logical structure 
that separates the code into three basic types of 
components (Model, View, Controller) in your 
application. This increases the cohesiveness of 
each component and allows for greater reusability, 
especially with model components. 



View 


Model, View, Controller features 

Views can change independently from controllers and 
models. 

Model components hide internal details (data 
structures), from the view and controller components. 

If the model adheres to a strict contract (interface), 
then these components can be reused in other 
application areas such as GUIs or J2ME. 

Separation of model code from controller code 
allows for easier migration to using remote business 
components. 


— Model, View, Controller principles —— 

■ Model, View, Controller is based on: 

■ separation of concerns 

■ loose couplings 

■ Increases cohesion in individual components. 

■ Increases the overall complexity of the application. 
(This is true because even though individual 
components become more cohesive, MVC adds 
many new components to the application.) 

■ Minimizes the impact of changes in other tiers of the 
application. 
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Front Controller 


Use the Front Controller pattern to 
gather common, often redundant, request 
processing code into a single component. 
This allows the application controller to 
be more cohesive and less complex. 



struts-config.xml 






Request 


J Action 、 

\ Servlet / 



■>( Model 


A o-f 

Fvo^*t Co^*t\rollc\r 



View 


Front Controller features - 

Centralizes a web app’s initial request handling tasks 
in a single component. 

Using the Front Controller with other patterns can 
provide loose coupling by making presentation tier 
dispatching declarative. 

A drawback of Front Controller (on its own, without 
Struts) is that it’s very barebones compared to Struts. 
To create a reasonable application from scratch 
using the Front Controller pattern, you would end up 
rewriting many of the features already found in Struts. 


—— Front Controller principles - 

■ The Front Controller is based on: 

■ hiding complexity 

■ separation of concerns 

■ loose coupling 

■ Increases cohesion in application controller 
components. 

■ Decreases the overall complexity of the application 

■ Increases the maintainability of the infrastructure 
code. 
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Given this list of attributes: 

- related to Intercepting Filter 
- supports role separation between developers 
- adds reusability 

Which design pattern is being described? 

Q A. Transfer Object 
Q B. Service Locator 
Q G. Front Controller 
□ D. Business Delegate 



The design of your web application calls for certain security measures to be 
taken for every request received. Some of these security checks will be applied, 
regardless of the type of request. 

Which design pattern can be used to achieve this design requirement? 

Q A. Transfer Object 
Q B. Service Locator 
Q G. Composite Entity 
□ D. Business Delegate 
口 E. Intercepting Filter 



Your company wants to leverage its distributed silos. Your job is to 
seamlessly integrate your application’s web service endpoints with its DAOs. 
In addition, your coarse-grained Controller Locators must be enhanced to 
support J2ME, UDDI registries. 

Which design pattern can be used to achieve these design requirements? 

Q A. Domain Activator 
Q B. Intercepting Observer 
Q G. Composite Delegate 
Q D. Transfer Facade 
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This statement describes the potential benefits of a design pattern: 

The pattern reduces network roundtrips between a client and an Enterprise 
Bean, and gives the client a local copy of the data encapsulated by an 
Enterprise Bean after a single method call, instead of requiring several method 
calls. Which design pattern is being described? 

Q A. Transfer object 

Q B. Intercepting Filter 

Q C. Model-View-Gontroller 

□ D. Business Delegate 


Your company, Models ’R Us, is creating an advanced inventory maximization 
component that can be used with all major J2EE container vendors. Your job 
is to design the piece of this component that will perform JNDI lookups with 
whatever vendor the client is using. 

What design pattern can help you accomplish this task? 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 


Transfer object 
Intercepting Filter 
Model-View-Gontroller 
Business Delegate 
Service Locator 


While fine tuning your multi-tiered J2EE business application, you’ve discovered 
that you’d get better performance if you reduced the number of remote 
requests your app makes, and increased the amount of data collected for each 
request you make. 

What design pattern should you consider to implement this change in your 
application? 

Q A. Transfer object 

Q B. Service Locator 

Q G. Front Controller 

Q D. Intercepting Filter 

□ E. Model-View-Gontroller 
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^ Given this list of attributes: 

* - related to Service Locator 

- reduces coupling 

- can add a layer and some complexity 


Which design pattern is being described? 
□ A. Transfer Object 
Q B. Front Controller 
Q G. Business Delegate 
Q D. Intercepting Filter 
Q E. Model-View-Controller 



Your web application uses a SessionBean component in a distributed application to 
make a specialized calculation, such as validating credit-card numbers. However, you 
want to shield your web components from the code involved with looking up the 
SessionBean component and using its interface. You want to decouple local application 
classes from the looking up and use of the distributed component, whose interface 
could change. Which J2EE design pattern can you use in this case? 


□ 

A. 

Transfer object. 

□ 

B. 

Service Locator. 

□ 

G. 

Model-View-Controller. 

□ 

D. 

Business Delegate. 



Given this list of attributes: 

- related to Business Delegate 
- improves network performance 


- can improve client performance through caching 


Which design pattern is being described? 


□ 

A. 

Transfer Object 

□ 

B. 

Service Locator 

□ 

G. 

Front Controller 

□ 

D. 

Intercepting Filter 

□ 

E. 

Model-View-Controller 
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c 办尹尹在疙 


14 A^t^enA 


Given this list of attributes: 

- related to Intercepting Filter 
- supports role separation between developers 


(oeJ 班祕祕 _ 


- adds reusability 

Which design pattern is being described? 


□ A. 

□ B. 
^ G. 

□ D. 


Transfer Object 
Service Locator 
Front Controller 
Business Delegate 


- This fatbem others), helps seyaraic ihc 

•tasks formed by afpli^atioh develops Wor^ the 
■tasks pcv*-fo\rmcdi by wcd desij^evs. 


The design of your web application calls for certain security measures to be 
taken for every request received. Some of these security checks will be applied, 
regardless of the type of request. 


Which design pattern can be used to achieve this design requirement? 


□ 

A. 

Transfer Object 

□ 

B. 

Service Locator 

□ 

G. 

Composite Entity 

□ 

D. 

Business Delegate 

E. 

Intercepting Filter 


-The Filtcv is a jood >01 以 v/hp 

You *to ma^ipula'tc ve'uests 

bc-fovc -the normal ^>roUss\^ 


(Cove 祕 秘 

n 1 竹） 


Your company wants to leverage its distributed silos. Your job is to 
seamlessly integrate your application’s web service endpoints with its DAOs. 
In addition, your coarse-grained Controller Locators must be enhanced to 
support J2ME, UDDI registries. 

Which design pattern can be used to achieve these design requirements? 

Q A. Domain Activator 

口 B. Intercepting Observer 一 the i\r\rcjjulav"i*tics \v\ the 

1^ G. Composite Delegate the Composite Pelc^sic >w^l provide 

p palest 仏蚍 “. 切 ：） 

LJ D. 丄 ranster racade J 


(paM 

pa 社 ^ ^ A. 
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This statement describes the potential benefits of a design pattern: 

The pattern reduces network roundtrips between a client and an Enterprise 
Bean, and gives the client a local copy of the data encapsulated by an 
Enterprise Bean after a single method call, instead of requiring several method 
calls. Which design pattern is being described? 

^ A. Transfer object -A key bchC-fii a 0\)\td 

□ B. Intercepting Filter is v*cdud*tioh of hC*tv/ovk "tva-rfid. 

Q C. Model-View-Gontroller 

□ D. Business Delegate 


(Cove J 诚 PatW ， 



Your company, Models ’R Us, is creating an advanced inventory maximization 
component that can be used with all major J2EE container vendors. Your job 
is to design the piece of this component that will perform JNDI lookups with 
whatever vendor the client is using. 


(Cove J 诚 


What design pattern can help you accomplish this task? 

Q A. Transfer object 

n d T . m -The Service Lotabor ^ be used you 

LI B. Intercepting Filter ^ ^ v^dor dt^dtU\ts 

□ C. Model-View-Gontroller sevvide lookups. Us*m^ this 

□ D. Business Delegate —lUelf isolate Code -that >will be 


D. Business Delegate 

E. Service Locator 


-Pv-om vc^dov bo vc^dov-. 



While fine tuning your multi-tiered J2EE business application, you’ve discovered 
that you’d get better performance if you reduced the number of remote 
requests your app makes, and increased the amount of data collected for each 
request you make. 


㉗ f 




What design pattern should you consider to implement this change in your 


□ 

□ 

□ 

□ 


lication? 

A. Transfer object 

B. Service Locator 
G. Front Controller 

D. Intercepting Filter 

E. Model-View-Gontroller 


-The T\ray\s-fc\r Objcdt be used -fco multiple, 

v-emote dalls *m*to a smftlc dall- Offers, *thc 
ircdudtioh hC*t>wo\rk bra((\t mov-c makes uf -fov- 

ovcv-hcad o-f populatm^ a lav-gcv- objedt, a^d 

'mdv-casc m C^r\ be ddhieved- 
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Given this list of attributes: 


- related to Service Locator 
- reduces coupling 

- can add a layer and some complexity 


(Core JZEE Patw , 訝 109-10V 


Which design pattern is being described? 
Q A. Transfer Object 
Q B. Front Controller 


G. Business Delegate 
Q D. Intercepting Filter 
O E. Model-View-Controller 


-Although a laycv- is added, the o-f -thu 

(su\\ as rtdutd douflmj a^d a si^flcv 
business *ticv" make i"t wov 七 hv/hile. 


Your web application uses a SessionBean component in a distributed application to 
make a specialized calculation, such as validating credit-card numbers. However, you 
want to shield your web components from the code involved with looking up the 
SessionBean component and using its interface. You want to decouple local application 
classes from the looking up and use of the distributed component, whose interface 
could change. Which J2EE design pattern can you use in this case? 


(Cov-c J2-EE 


□ 

A. 

Transfer object. 

□ 

B. 

Service Locator. 

□ 

G. 

Model-View-Controller. 


D. 

Business Delegate. 


key of the Business Pclc^ 3 *tc 

is v<eduded douflmj 

tic\T a^d i\\t business 


Given this list of attributes: (Cov-c JZEE Pattems, 1>1V 

- related to Business Delegate 
- improves network performance 
- can improve client performance through caching 


Which design pattern is being described? 


□ 

A. 

Transfer Object 

B. 

Service Locator 

□ 

G. 

Front Controller 

□ 

D. 

Intercepting Filter 

□ 

E. 

Model-View-Controller 


-3v us*m^ this you domkmc 

iWt network tails hc^cssa\ry -to lookup a^d 
dv-catc business objects. 
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如 







Do NOT try to take this exam until you believe you’re ready for the real thing. If you 
take it too soon, then when you come back to it again you’ll already have some 
memory of the questions, and it could give you an artificially high score. We really do 
want you to pass the first time. (Unless there were some way to convince you that 
you need to buy a fresh copy of this book each time you retake the exam...) 

To help defeat the “I remember this question” problem, we’ve made this exam just a 
little harder Vr\an the real exam, by not telling you how many answers are correct for 
each of our questions. Our questions and answers are virtually identical to the tone, 
style, difficulty, and topics of the real exam, but by not telling you how many answers 
to choose, you can’t automatically eliminate any of the answers. It’s cruel of us, really, 
and we wish we could tell you that it hurts us more than it hurts you to have to take 
the exam this way. (But be grateful — until a few years ago, Sun’s real Java exams 
were written this way, where most questions ended with “Choose all that apply.”) 

Most exam candidates have said that our mock exams are a little more difficult than 
the real SCWCD, but that their scores on our exam and on the real one were very 
close. This mock exam is a perfect way to see if you’re ready, but only if you: 

1) Give yourself no more than two hours and 15 minutes to complete it, just like the 
real exam. 

2) Don’t look anywhere else in the book while you’re taking the exam! 

3) Don’t take it over and over again. By the fourth time, you might be getting 98% 
and yet still not be able to pass the real exam, simply because you were memorizing 
our exact questions and answers. 

4) Wait until after you finish the exam to consume large quantities of alcohol or other 
mind-altering substances... 


this is the appendix 
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急 代汗 找 

^imi'TKoc^ Sxom 

A programmer has a validly configured directory structure for his Java EE web 
application which is called MyWebApp. In which two directories could a file called 
myTag. tag reside in order to be accessed correctly by the container? (Choose two.) 

□ A. MyWebApp/WEB-INF 

□ B. MyWebApp/META-INF 

□ G. MyWebApp / WEB - INF /1 ib 

□ D. MyWebApp/WEB-INF/tags 

□ E. MyWebApp/WEB-INF/TLDs 

Q F. MyWebApp/WEB-INF/tags / myTags 


Which of the following are legal EL? (Choose all that apply) 

□A. ${"1" + "2"} 

□ B. ${1 plus 2} 

□ G. ${1 eq 2} 

□ D. ${2 div 1} 

□ E. ${2 & 1} 

Q F. $ { "head" + "first" } 
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A TLD from a Java forum website contains this tag definition: 

<tag> 

<name>avatar</name> 

<tag-class>hf.AvatarTagHandler</tag-class> 

〈 body-content>empty</body-content> 

<attribute> 

<name>userld</name> 

<required>true</required 〉 
<rtexprvalue>true</rtexprvalue> 

</attribute> 

<attribute> 

<name>size</name> 

<required>false</required> 

<rtexprvalue>false</rtexprvalue> 

</attribute> 

</tag> 

What is true about AvatarTagHandler, assuming it extends 

SimpleTagSupport and outputs HTML that displays a user’s avatar 

image? (Choose all that apply.) 

Q A. The class should have a size member with at least a setter method. 

Q B. No size variable is needed in the code because the TLD states it 
is not required. 

Q G. An overridden doTag lifecycle method is needed. 

Q D. An overridden doStartTag lifecycle method is needed. 

口 E. The class must overload all implemented lifecycle methods with 
a version that includes an extra parameter for every attribute 
defined in the TLD. In this case there is only one. 
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A Servlet sets up a bean before forwarding to a JSP. 


Given: 

20. foo.User user = new foo.User(); 

21. user. setFirst (request. getParameter ("firstName")); 

22. user.setLast(request.getParameter("lastName")); 

23. user.setStreet(request.getParameter("streetAddress")); 

24. user.setCity(request.getParameter("city")); 

25. user.setState(request.getParameter("state")); 

26. user.setZipCode(request.getParameter("zipCode")); 

27. request.setAttribute("user", user); 

What snippet, if placed in a JSP, could replace the Servlet code above? (Choose all that apply.) 

Q A. <jsp:useBean id="user" type="foo.User"/> 

Q B. <jsp:useBean id="user" type="foo.User"> 

<j sp : setProperty name="user" property="*"/> 

</jsp : useBean> 


□ G. 


<jsp:useBean id="user" class=" 
<j sp : setProperty name="user" 
<j sp : setProperty name="user" 
<jsp : setProperty name="user" 
<j sp : setProperty name="user" 
<jsp : setProperty name="user" 
<j sp : setProperty name="user" 
</jsp : useBean> 


foo.User"> 

proper ty= "firs t" param=" firs tName" /> 
property="last" param="lastName"/> 
property="street" param="streetAddress"/> 
property="city"/> 
proper ty= ’▼ s tate ’ ▼ / > 
property="zipCode"/> 


Q D. <jsp:useBean id="user" class= n foo .User’▼> 


<j sp : setProperty 

name: 

"user" 

property: 

»»*»»/> 



<j sp : setProperty 

name: 

"user" 

property: 

"first" 

param= 

"firstName" /> 

<j sp : setProperty 

name: 

"user" 

property: 

"last" 

param= 

"lastName"/> 

<j sp : setProperty 

name= 

"user" 

property: 

"street" param="streetAddress"/> 


</jsp : useBean> 
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When comparing the benefits, limitations, and uses of a business delegate object 
and a service locator object, which are true? (Choose all that apply.) 

Q A. They are equally likely to make network calls. 

Q B. They are equally likely to invoke methods in a transfer object. 

Q G. They are equally likely to be invoked directly from a controller object. 

Q D. The service locator will typically be considered a server to the business 

delegate. 

Q E. When both are implemented with a cache, data staleness is a bigger 
issue for the business delegate. 



When creating session listeners which are true? (Choose all that apply.) 

Q A. They are all declared in the DD. 

Q B. Not all of them must be declared in the DD. 

Q G. The DD tag used to declare them is 〈 listener〉. 

Q D. The DD tag used to declare them is <session-listener>. 

Q E. The DD tag used to declare them is placed within the <web-app> tag. 

□ F. The DD tag used to declare them is placed within the <servlet> tag. 


7 


Some users have complained that strange things are happening when they have 
two browser windows open on a single machine and both windows access the 
application at the same time. You want to test various browsers to see if a session 
would be shared across multiple windows. You decide to do this by outputting 
the JSESSIONID in a JSP. How could you accomplish this, assuming you have 
cookies enabled on your test browsers? (Choose all that apply.) 

□ A. ${cookie.JSESSIONID} 

口 B. ${cookie.JSESSIONID.value} 

□ G. ${cookie["JSESSIONID"]["value"]} 

□ D. ${cookie.JSESSIONID["value"]} 

□ E. ${cookie["JSESSIONID"].value} 

Q F. ${cookieValues [0] .value} 
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Which implicit object can access the attributes from the ServletContext? 


□ 

A. 

server 

□ 

B. 

context 

□ 

G. 

request 

□ 

D. 

application 

□ 

E. 

servletContext 



Which methods exist in HttpServlet? (Choose all that apply.) 


□ 

A. 

doGet 

□ 

B. 

doTrace 

□ 

G. 

doError 

□ 

D. 

doConnect 

□ 

E. 

doOptions 



You have determined that certain capabilities in your web application will require that 

users be registered members. In addition, your web application sometimes deals with user 

data that your users want you to keep confidential. 

Which are true? (Choose all that apply.) 

□ A. You can make transmitted data confidential only after your application has 
verified the user’s password. 

Q B. Of the various types of authentication guaranteed by a Java EE container, only 
BASIC, Digest, and Form Based are implemented by matching a user name to a 
password. 

Q G. No matter what type of Java EE authentication mechanism you use, it will only 
be activated when an otherwise constrained resource is requested. 

Q D. All of the Java EE guaranteed types of authentication provide strong data 
security without the need to implement supporting security features. 
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Given these fragments from within a single tag in a Java EE DD: 


343. 

344. 

345. 

346. 

347. 


<web-resource-collection> 

<web-resource-name>Recipes</web-resource-name> 
<url-pattern>/Beer/Update/*</url-pattern> 
<http-method>POST</http-method> 
</web-resource-collection> 


367. 

368. 

369. 


<auth-cons traint> 

<role-name>Member</role - name> 
</auth-constraint> 


385. <user-data-constraint> 

386. <transport-guarantee>CONFIDENTIAL</transport-guarantee> 

387. </user-data-constraint> 

Which are true? (Choose all that apply.) 

Q A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist. 

Q B. It is valid for more instances of <auth-cons traint> to exist within the single tag 
described above. 

Q G. It is valid for more instances of <user-data-constraint> 
to exist within the single tag described above. 

Q D. It is valid for more instances of <url-pattern> to exist within the 

<web-resource-collection> tag described above. 

口 E. It is valid for other tags of the same type as the single encasing tag described above to 
have the same <url-pattern> as the tag above. 

O F. This tag implies that authorization, authentication, and data integrity security features 
are all declared for the web application. 
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You are creating a JSP Document that generates a dynamic SVG image which 
is represented by an XML document structure. The JSP must declare the 
HTTP response header ' Content-Type ' as ' image/svg+xml ' so that 
the web browser will render the response as an SVG image. 

Which JSP code snippet declares that this JSP Document is an SVG response? 

O A. <%@ page contentType=' image/svg+xml' %> 

Q B. <jsp :page con ten tType= ▼ image/svg+xml ▼ /> 

Q G. <jsp : directive. page contentType=' image/svg+xml' /> 

Q D. < j sp : page . contentType>image/svg+xml</j sp : page . contentType> 


13 


Given in a JSP page, the line: 

<%-- out.print("Hello World"); _-%> 

What is the HTML output? 

□A. Hello World 
口 B. out.print("Hello World"); 

口 G. <!-- Hello World --> 

Q D. No output is generated by this line. 


14 


Which statements about HTTP session support are true? (Choose all that 
apply.) 

Q A. Java EE containers must support HTTP cookies. 

Q B. Java EE containers must support URL rewriting. 

Q G. Java EE containers must support the Secure Sockets Layer. 

□ D. Java EE containers must support HTTP sessions, even for clients that 
do not support cookies. 

口 E. Java EE containers must recognize the HTTP termination signal that is 
issued to indicate that a client session is no longer active. 
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Your company has purchased a license for a third party JavaScript 
library for constructing menus. Your team has run into countless errors 
by mistakingly misusing the library and the users are insisting that 
certain menu items should only be visible to users with the authorized 
security role. A custom tag library using Simple tag handlers could shield 
developers from making syntactical JavaScript errors and provide the 
security features the users desire. 

After a design meeting, your team lead documented that she would like 
the menu to look like the following: 

<menu : main> 

<menu : headltem text="My Account" url="/myAccount.do"/> 
〈 menu:headltem text="Transactions"> 

<menu : subitem text="Incoming" url="/incomingTx.do"/> 
〈 menu:subitem text="Outgoing" url="/outgoingTx.do"/> 
<menu : subitem text="Pending" url="/pendingTx.do" 

requireRole= M accountant"/> 

</menu : headltem 〉 

〈 menu:headltem text="Admin" ur1=" / admin.do" 

requireRole= " admin ’▼ /> 

</menu : main> 

You wish to put the full responsibility of generating output on the 
outer <menu : main> tag handler, assuming that centralizing the display 
logic will be easier to maintain. The outer tag handler will need access to 
its descendent tags to accomplish this. Which of the following options 
provides the best approach? 

Q A. Every inner tag should register itself directly to its immediate parent. 
The immediate parent can store its children in an ordered collection. 

Q B. Every inner tag should register itself directly to the outer tag handler, 
and the outer tag handler can store them all in a single HashSet. 

Q G. Unlike Classic tags, SimpleTagSupport provides the methods 

findDescendentWithClass () and getChildren ( ) which give 
the main outer tag full access to its children without any extra 
coding necessary. 

Q D. Have each inner tag save itself as a page scoped attribute with its text 
value as the attribute key. 
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Which JSP life cycle phase can cause an HTTP 500 status code to be returned on 
a request to a JSP page? (Choose all that apply.) 

Q A. JSP page compilation 

Q B. Execution of the service method 

Q G. Execution of the destroy method 

Q D. Execution of the initialization method 


V 


Given that session is a reference to a valid HttpSession and "myAttr" is 
the name of an object bound to session, which can be used to unbind object(s) 
from a session? (Choose all that apply.) 


Q A. session.unbind(); 

Q B. session.invalidate(); 

Q G. session.unbind("myAttr"); 

Q D. session.remove("myAttr"); 

Q E. session.invalidate("myAttr"); 

Q F. session.removeAttribute ("myAttr"); 
Q G. session. unbindAttribute ("myAttr"); 



If req is a reference to an HttpServletRequest and there is no current 
session, what is true about req. getSession () ? (Choose all that apply.) 

Q A. Invoking req. getSession () will return null. 

Q B. Invoking req. getSession (true) will return null. 

Q G. Invoking req. getSession (false) will return null. 

Q D. Invoking req. getSession () will return a new session. 

Q E. Invoking req. getSession (true) will return a new session. 

□ F. Invoking req. getSession (false) will return a new session. 
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A Classic tag handler exists in legacy code. The author wrote a handler that 
evaluates its tag body a hundred times, to be used in testing other tags that 
produce random content. 


Given: 


06. public class HundredTimesTag extends TagSupport { 


07. 

08. 

09. 

10 . 

11 . 

12 . 

13. 

14. 

15. 

16. 

17. 

18. 

19. 

20 . 

21 . 


private int iterationCount; 
public int doTag() throws JspException { 
iterationCount = 0; 
return EVAL BODY INCLUDE; 


public int doAfterBody() throws JspException { 
if(iterationCount < 100){ 
iterationCount++; 
return EVAL 一 BODY 一 AGAIN ; 

}else{ 

return SKIP BODY; 


What is incorrect about the code? 


Q A. Tag handlers are not thread safe, so the iterationCount can become 
out of sync if multiple users are reaching the page at the same time. 


Q B. The doAf terBody method is never being called because it is not part 
of the tag handler lifecycle. The developer should have extended the 
IterationTagSupport class to include this method in the lifecycle. 


Q G. The doTag method should be doStartTag. As written, the default 
doStartTag of TagSupport is called which simply returns SKIP— 
BODY, causing doAf terBody to never be called. 

Q D. When doAf terBody returns EVAL_BODY_AGAIN the doTag method is 
called again. The doTag method resets iterationCount to 0, resulting 
in an infinite loop and a java. lang. OutOfMemoryError is thrown. 
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Given this fragment from a web application’s DD: 

72. <session-config> 

73 . 〈 session-timeout>10</session-timeout> 

74. </session-config> 

And given that session is a reference to a valid HttpSession, and this 
fragment from a servlet: 

30 . session.setMaxInactivelnterval(120); 

After line 30 executes, which are true? (Choose all that apply.) 

Q A. The DD fragment is not valid. 

Q B. The invocation of setMaxInactivelnterval will modify the value in 

the <session-timeout> tag. 

Q G. It is impossible to determine the session timeout limits given the above. 

□ D. If the container receives no client requests for this session in 2 hours, the 

container will invalidate the session. 

口 E. If the container receives no client requests for this session in 2 minutes, 
the container will invalidate the session. 

□ F. If the container receives no client requests for this session in 10 seconds, 

the container will invalidate the session. 

Q G. If the container receives no client requests for this session in 10 minutes, 
the container will invalidate the session. 


21 


You have created a valid directory structure and a valid WAR file for your Java EE 
web application. Given that: 


- ValidApp. war is the name of the WAR file. 

- WARdir represents the directory that must exist in every WAR file. 

- APPdir represents the directory that must exist in every web application. 
Which is true? 


口 A. The actual name of WARdir is NOT predictable. 

Q B. The name of your application is NOT predictable. 

□ C. In this directory structure, APPdir will exist inside WARdir. 

□ D. In this directory structure, the application’s deployment descriptor will 

reside in the same directory as WARdir. 

Q E. Placing your application in a WAR file provides the option for the 

container to perform additional runtime checks not otherwise guaranteed. 
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When comparing HTTP GET to HTTP POST, what is true? (Choose all that apply.) 
Q A. Only HTTP GET is idempotent. 

Q B. Both require an explicit declaration in HTML form tags. 

□ G. Only HTTP POST can support multiple parameters in a single request. 

□ D. Both support single parameter requests that send multiple values. 

□ E. Only HTTP POST requests should be handled by overriding a servlet’s 

service () method. 


Given this code in a servlet: 

82 . String s = getServletConfig () . getlnitParameter ("myThing"); 

Which DD fragment will assign to s the value "myStuff"? 

□A. <init-param> 

<param>myThing</ param> 

<value>myStuff</value> 

</init-param> 

口 B. <init-param> 

<name>myThing</name> 

<value>myStuff</value> 

</init-param> 

Q G. <init-param> 

<param-name>myThing</param-name> 

<param-value>myStuff</param-value> 

</init-param> 

□ D. <servlet-param> 

<name>myThing</name> 

<value>myStuff</value> 

</servlet-param> 

Q E. <servlet-param> 

<param-name>myThing</param-name> 

<param-value>myS tuf f < /par am-value> 

</servlet-param> 
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Given that a String is stored as an attribute named accountNumber of some scope, 
which scriptlet(s) will ouptut the attribute? 


Q A. <%= pageContext.findAttribute ("accountNumber n ) %> 

Q B. <%= out.print( n ${accountNumber} n ) %> 


□ C. <% Object accNum = pageContext.getAttribute("accountNumber 
if(accNum == null){ 

accNum = request. getAttribute ("accountNumber"); 

} 

if(accNum == null){ 

accNum = session. getAttribute ("accountNumber"); 

} 

if(accNum == null){ 

accNum = servletContext. getAttribute ("accountNumber"); 


out.print(accNum); 

%> 


Q D. <% requestDispatcher.include("accountNumber"); %> 



You have inherited a legacy JSP web application with lots of scripting 
code. Your manager has demanded that every JSP be refactored to remove 
scripting code. He wants you to guarantee that no scriptlet code exists in 
your JSP codebase and to have the web container enforce a “no scripting” 
policy. 


Which web. xml configuration element will accomplish this goal? 


Q A. <j sp-property-group> 

<url-pattern> *.jsp </url-pattern> 

〈 permit-scripting 〉 false </permit-scripting 〉 
</jsp-property-group> 

口 B. <jsp-config> 

<url-pattern> *.jsp </url-pattern> 

〈 permit-scripting 〉 false </permit-scripting 〉 
</jsp-config> 

Q G. <jsp-property-group> 

<url-pattern> *.jsp </url-pattern> 
<scripting-invalid> true </scripting-invalid 〉 
</jsp-property-group> 


口 D. <jsp-config> 

<url-pattern> *.jsp </url-pattern> 
<scripting-invalid> true </scripting-invalid> 
</jsp-config> 
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Given: 

01. <%@ taglib uri="http : / /java. sun. com/jsp/jstl/core" prefix="c n %> 
02. 

03. <% 

04 . java.util.List books = new java.util.ArrayList(); 

05. // add line here 

06 . request. setAttribute ("myFavoriteBooks" , books); 

07. %> 

08. 

09. <c:choose> 

10 . <c : when test="$ {not empty myFavoriteBooks}’▼> 

11. My favorite books are: 

12 . <c : forEach var="book" items="${myFavoriteBooks}"> 

13 . <br/> * ${book} 

14. </c:forEach> 

15 . </c:when> 

16 . <c : otherwise 〉 

17. I have not selected any favorite books. 

18. </c : otherwise> 

19. </c : choose> 

Which of the following lines of code, if inserted independently at Line 5, will cause the text 
within the c : otherwise tag to display? (Choose all that apply) 

□ A. books . add(""); 

口 B. books.add(null); 

Q G. books.clear(); 

□ D. books.add("Head First"); 

Q E. books = null; 
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You are working on an application that manages a business listing directory. 
Given: 


29. <c : forEach var="phoneNumber" items='${company. 

contactlnfo•phoneNumbers}'> 

30 . <c : if test='${verify:isTollFree(phoneNumber)}'> 

31. <img src="/images/To11Free.gif"/> 

32 . </c : if> 

33 . ${phoneNumber}<br/> 

34. </c:forEach> 


The above snippet adds a special icon in front of phone numbers that are 
toll free. Which statement about the EL function from this code snippet is 
guaranteed to be true? 

□ A. The EL function must be declared public and static 

Q B. The EL function must not return any value and be declared void 

Q G. The <uri> value in the EL function’s TLD must be Verify 

Q D. The name of the class that implements the EL function must be 
named Verify 

Q E. If phoneNumber is a String, the 〈 function-signature 〉 value 
in the TLD should be isTollFree (String) 


28 


Which are methods of HttpServletRequest that retrieve the body of the 
request? (Choose all that apply.) 

□ A. getReader() 

Q B. getStream () 

Q G. getlnputReader() 

Q D. getlnputStream () 

口 E. getServletReader() 

□ F. getServletStream () 
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Given a Java EE web application in which the following browser request: 

http : / /www. wickedlysmart. com/MyApp/myDir/DoSomething 

will be handled by a servlet in the application, which three are true? 

(Choose three.) 

Q A. The deployment descriptor must include instructions to handle 
the request as specified. 

口 B. The request can be handled as specified with no related instructions in the 
deployment descriptor. 

Q G. The servlet that handles this request must be named DoSomething. class. 

□ D. The servlet name is not predictable based on the information provided. 

□ E. The application must contain a directory named myDir. 

□ F. The name of the directory in which the servlet resides is not predictable 

based on the information provided. 


Your web application has a valid deployment descriptor in which student and 
sensei are the only security roles that have been defined. The deployment 
descriptor contains two security constraints that declare the same resource to 
be constrained. The first security constraint contains: 

234 . <auth-cons traint> 

235. <role-name>student</role-name> 

236. </auth-constraint> 

And the second security constraint contains: 

251. <auth-constraint/> 


Which are true? (Choose all that apply.) 

Q A. As the deployment descriptor stands now, the constrained resource can 
be accessed by both roles. 

Q B. As the deployment descriptor stands now, the constrained resource can 
be accessed only by sensei users. 

Q C. As the deployment descriptor stands now, the constrained resource can 
be accessed only by student users. 

Q D. If the second <auth-constraint 〉 tag is removed, the constrained 
resource can be accessed by both roles. 

Q E. If the second <auth-constraint> tag is removed, the constrained 
resource can be accessed only by sensei users. 

□ F. If the second <auth-constraint 〉 tag is removed, the constrained 
resource can be accessed only by student users. 
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Which of the following custom tags is guaranteed to fail? (Choose all that apply) 

Q A. <mine : horder> 

〈 mine: photos album="$ {albumSelected} ’▼> 

</mine : border> 

</mine : photos> 

Q B. 〈 mine:border> 

〈 mine: photos album:’ 1 $ {albumSelected} "/> 
</mine : horder> 

Q G. 〈 mine:border> 

${albumSelected.title} 

<mine : photos>${albumSelected}</mine : photos> 

</mine : border> 

□ D. <mine : photos includeBorder="${userPreference.border} 

album="${albumSelected}" /> 


32 


Your n-tier web application uses the Java EE patterns that are most typically used 
when such an application wants to access remote registries. Which are benefits of 
these patterns? (Choose all that apply.) 

Q A. Increased cohesion 

Q B. Better performance 

□ G. Better maintainability 

Q D. Reduced network traffic 

口 E. More interactive browser capabilities 


33 


What is generally true about the lifecycle of a servlet? (Choose all that apply.) 
Q A. You should NOT write a constructor for a servlet. 

Q B. You should NOT override a servlet’s init () method. 

Q G. You should NOT override a servlet’s doGet () method. 

Q D. You should NOT override a servlet’s doPost () method. 

Q E. You should NOT override a servlet’s service () method. 

口 F. You should NOT override a servlet’s destroy () method. 
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Given this portion of a Java EE . war file’s directory structure: 

MyApp 

I -- META-INF 

I I-- MANIFEST.MF 

I I -- web • xml 

I 

I-- WEB-INF 

I I -- index.html 

I ITLDs 

I 丨 —— Header.tag 

What change(s) are necessary to make this structure valid and the resources 
accessible? (Choose all that apply.) 

Q A. No changes are necessary. 

Q B. The web. xml file must be moved. 

Q G. The index.html file must be moved. 

□ D. The Header. tag file must be moved. 

□ E. The MANIFEST.MF file must be moved. 

口 F. The WEB-INF directory must be moved. 

Q G. The META - INF directory must be moved. 


You are considering implementing some variety of MVG in your Java EE n-tier 

application. Which are true? (Choose all that apply.) 

Q A. This design will often serve business delegate objects. 

Q B. It often reduces network traffic by caching remotely located data. 

Q G. This design goal simplifies communications with heterogeneous resource 
registries. 

Q D. Even though MVG solutions have many benefits, they often increase 
design complexity. 

□ E. Both the front controller pattern and Struts could be considered solutions 
for this design goal. 

口 F. This design will provide you with the capability to easily recombine 
request and response handlers. 
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Given in a JSP page, the line: 

<% List myList = new ArrayList(); %> 

Which JSP code snippets can you use to import these data types? (Choose two.) 

Q A. <% ! import java.util.*; %> 

Q B. <%@ import java.util.List java.util.ArrayList %> 

Q G. <%@ page import='j ava.util.List,j ava.util.ArrayList' %> 

Q D. <% ! import java.util.List; import java.util.ArrayList; 

Q E. <%@ page import= ' java. util. List ' %> <%@ page 

import:'j ava.util.ArrayList' %> 


37 


You are tasked with adding several security features to your company’s Java EE 
web application. Specifically, you need to create several classes of users and based 
on a user’s class, you need to restrict them to use only some of the application’s 
pages. In order to restrict access, you must determine that users are who they say 
they are. 


Which are true? (Choose all that apply.) 

Q A. If you need to verify that users are who they say they are, you must use 
the application’s deployment descriptor to implement that requirement. 

Q B. Java EE’s authorization capabilities should be used to determine that 
users are who they say they are. 

Q C. In order to help you determine that users are who they say they are, you 
can use the deployment descriptor’s <login-config> tags. 

Q D. In order to help you determine that users are who they say they are, you 
can use the deployment descriptor’s <user-data-constraint> tags. 

口 E. Depending on the approach you use, determining that users are who they 
say they are might require including a "realm". 
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ValidApp is a Java EE application with a valid directory structure. ValidApp 
contains .gif image files in three locations within the directory structure: 

- ValidApp/imageDir/ 

- ValidApp/META-INF/ 

- ValidApp/WEB-INF/ 

In which of these locations can clients directly access these .gif files? 

□ A. Only in ValidApp/META-INF/ 

口 B. Only in ValidApp/imageDir/ 

Q G. All of the above locations 

□ D. Only in ValidApp/imageDir/ and ValidApp/WEB -INF/ 

Q E. Only in ValidApp/imageDir/ and ValidApp/META- INF/ 


Given req is a reference to a valid HttpServletRequest, and: 

13. String[] s = req.getCookies(); 

14. Cookie[] c = req.getCookies(); 

15. req.setAttribute("myAttrl", "42"); 

16. req•setAttribute( n myAttr2 n , 42); 

17 . String [ ] s2 = req. getAttributeNames (); 

18. String[] s3 = req.getParameterValues("attr"); 
Which lines of code will not compile? (Choose all that apply.) 

□ A. line 13 
Q B. line 14 
Q C. line 15 
Q D. line 16 

□ E. line 17 

□ F. line 18 
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A Tag File named Products . tag displays a list of products. 

Given this snippet from the Tag File: 

1. <%@ attribute name="header" required="false" rtexprvalue="false" %> 

2. <%@ attribute name="products" required="true" rtexprvalue="true n %> 

3 . <%@ tag body-content="tagdependent" %> 

Which of the following are legal usages of the Tag File? (Choose all that apply.) 

口 A. <display : Products header="Shopping Cart" products="${shoppingCart}"/> 

Q B. <display : Products header="Wish List" products="${wishList}" body- 
content="${body}"/> 

Q G. <display : Products header="Similar Products" products="${similarProducts} 
Customers who bought this item also bought : 

</display : Products> 

Q D. <display : Products header=' <%= request.getParameter("listType") %>' /> 


41 


You are taking part in an initiative to remove scriptlets from the JSPs of a legacy 
web application for a major bank. You come across the following lines of code: 

<% if ((com. your company. Account) request. 

getAttribute("account")). 
isPersonalChecking()){ %> 

Checking that fits your lifestyle. 

<% } %> 


How can you replace this using JSTL? (Choose all that apply) 

□A. <c : if test='${account.personalchecking}'>Checking 

that fits your lifestyle . </c : if> 

Q B. <c : if test='${account["personalchecking"]}'>Checking 

that fits your lifestyle . </c : if> 

Q G. <c : if test="${account['personalchecking']}">Checking 

that fits your lifestyle . </c : if> 

Q D. <c : if test='${account.isPersonalChecking}'>Checking 

that fits your lifestyle . </c : if> 
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Given the following event types: 

- HttpSessionEvent 
- HttpSessionBindingEvent 
- HttpSessionAttributeEvent 

Match the event types above to their respective listener interfaces. (Note: you can 
match an event type to more than one Listener.) 

HttpSessionAttributeListener . 

HttpSessionListener . 

HttpSessionActivationListener . 

HttpSessionBindingListener . 


What’s true about the lifecycle of a servlet? (Choose all that apply.) 

Q A. The service () method is the first method invoked by the container 
when a new request is received. 

Q B. The service () method is invoked by either doPost () or doGet () 
after they’ve completed a request. 

Q G. Each time that doPost () is invoked, it runs in its own thread. 

Q D. The destroy () method is invoked after every invocation of doGet () 
completes. 

Q E. The container issues a separate thread for each client request. 


When might a JSP get translated? (Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 


When the developer compiles code in the src folder 

When the application is started 

The first time a user requests the JSP 

After jspDestroyO is called, it gets retranslated 
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Given this fragment from a valid doGet () method: 

Outputstream os = response.getOutputStream(); 
byte[] ba = {1,2,3}; 
os.write(ba); 

RequestDispatcher rd = request.RequestDispatcher("my.jsp 
rd.forward(request, response); 

Assuming that "my. j sp" adds the bytes 4, 5, and 6 to the response, what is the result? 


□ 

A. 

123 

□ 

B. 

456 

□ 

G. 

123456 

□ 

D. 

456123 

□ 

E. 

An exception is thrown 




12 

13 

14 

15 

16 
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A programmer needs to update a live, running servlet’s initialization parameters 
so that the web application will begin to use the new parameters immediately. 

In order to accomplish this, which must be true (although not necessarily 
sufficient)? (Choose all that apply.) 

Q A. For each parameter, you must modify a DD tag that specifies the name 
of the servlet, the name of the parameter, and the new value of the 
parameter. 

Q B. The servlet’s constructor must retrieve the updated DD parameter from 
the servlet’s ServletConfig object. 

Q G. The container must destroy and then reinitialize the servlet. 

Q D. For each parameter, the DD must have a separate 

<init-param> tag. 


47 


Which types can be used in conjunction with HttpServletResponse methods 
to stream output data? (Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 

□ 

F. 


java.io.Printstream 
java.io.PrintWriter 
java.io.Outputstream 
java.io.FileOutputStream 
java.io.ServletOutputStream 
java.io.ByteArrayOutputStream 
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Your web application has a valid dd with a single <security-constraint> 
tag. Within this tag exists: 

-a single url pattern that declares directory 1 
-a single http method that declares POST 

-a single role name that declares GUEST 

If all of the resources for your application exist within directory 1 and 
directory2, and MEMBER is also a valid role, which are true? (Choose all 
that apply.) 

Q A. GUESTs cannot do GET requests in directory 1. 

OB. GUESTs can do GET requests in both directories. 

口 G. GUESTs can do POST requests only in directory〗. 

□ D. MEMBERS can do GET requests in both directories. 

Q E. GUESTs can do POST requests in both directories. 

□ F. MEMBERS can do only POST requests in directory 1. 



Given: 

1. <%@ taglib prefix="c" uri="http : / /java. sun. com/jsp/ 

jstl/core" %> 

2 . <%@ taglib prefix="tables" uri= "http : // www. javaranch. 

com/tables" %> 

3 . <%@ taglib prefix=" jsp" tagdir= "/WEB - INF/tags" %> 

4. <%@ taglib uri="UtilityFunctions" prefix="util" %> 


What about the above taglib directives would cause the JSP to not function? 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 


Line 4 is wrong because the prefix attribute must come before the 
uri attribute. 


Line 3 is wrong because there is no uri attribute. 

Line 4 is wrong because the uri value must begin with http : / / 

Line 3 is wrong because the prefix j sp is reserved for standard actions. 
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Given that resp is a reference to a valid HttpServletResponse object that 
contains, among others, the following headers: 

Content-Type : text/html 

MyHeader : mydata 

And the following invocations: 

25 . resp. addHeader ("MyHeader" , "mydata2 ’▼); 

26 . resp.setHeader("MyHeader", "mydata3"); 

27 . resp.addHeader("MyHeader” ， "mydata"); 

What data will exist for the MyHeader header? 

Q A. mydata 

口 B. mydata3 

Q G. mydata3,mydata 

Q D. mydata3, mydata2 

口 E. mydata,mydata2 ,mydata3 

Q F. mydata, mydata2 A mydata3, mydata 



Given the following portion of a web.xml from a legacy application: 

<jsp-config> 

<taglib> 

<taglib-uri>prettyTables</taglib-uri> 

<taglib-location>/WEB-INF/tlds/prettyTables.tld</taglib-location> 
</taglib> 

</jsp-config> 

Assuming the server running your code now supports Java 1.4 EE or greater, what could you 
do to remove the above < j sp-config> tag and still have your code work? 

O A. Change the taglib directive’s uri attribute in your JSPs to use 
and the container will automatically map it. 

Q B. Place <uri>prettyTables</uri> in your TLD file. 

Q G. Remove the taglib directives that used this mapping in your 
JSPs. The container will handle it automatically. 

Q D. This is impossible. The < j sp - config> entry here must be 

present for the container to map the TLD to the uri referenced 
in your JSPs. 
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For a page that lists shopping cart items, the message “Your shopping cart is 
empty.” must display when the cart is empty. Which of the following code 
snippets could satisfy this functionality assuming the scoped attribute cart is a List 
of products? (Choose all that apply) 

Q A. <c : if test:'${empty cart}'> 

Your shopping cart is empty. 

</c : if> 

<c : forEach var="itemlnCart" items="${cart}"> 

<shop : displayItem item="${itemlnCart} "/ > 

</c : forEach> 

Q B. <c:forEach var= n itemlnCart” items="${cart}"> 

<c : choose> 

<c : when test='${empty itemlnCart}'> 

Your shopping cart is empty. 

</c:when> 

<c : otherwise 〉 

<shop : displayItem item= n ${itemlnCart}"/> 

</c : otherwise 〉 

</c : choose> 

</c : forEach> 

Q G. <c:choose> 

<c : when test='${empty cart} ， > 

Your shopping cart is empty. 

</c:when> 

<c : when test:▼${not empty cart}'> 

<c:forEach var=”itemlnCart” items= n ${cart}"> 
<shop : display Item item:" $ {itemlnCart} '▼/> 

</c : forEach> 

</c:when> 

</c : choose> 

□ D. <c : choose> 

<c : when test='${empty cart} ， > 

Your shopping cart is empty. 

</c:when> 

<c : otherwise 〉 

<c : forEach var= n itemlnCart” items= n ${cart}’▼> 
<shop : displayItem item:"${itemlnCart} "/ > 

</c : forEach> 

</c:otherwise 〉 

</c : choose> 
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. Given the following code from a servlet, and given that myVar is a reference to either an 

OJ HttpSession or a ServletContext: 

15 . myVar. setAttribute ("myName" , "myVal"); 

16 . String s = (String) myVar. getAttribute ("myName"); 

17 . // more code 

After line 16 executes, which are true? (Choose all that apply.) 

Q A. The value of s cannot be guaranteed. 

Q B. If myVar is an HttpSession, compilation will fail. 

Q C. If myVar is a ServletContext, compilation will fail. 

Q D. If myVar is an HttpSession, s is guaranteed to have the value "myVal". 

□ E. If myVar is a ServletContext, s is guaranteed to have the value "myVal". 

Given a portion of Java EE web application’s deployment descriptor: 

<error-page> 

<exception-type>IOException</exception-type> 
<location>/mainError.j sp</location> 

</error-page> 

<error-page> 

<error - code>404</error-code> 

<location>/notFound.jsp</location> 

</error-page> 

What is true? 

□ A. The deployment descriptor is not valid. 

Q B. If the application throws an IOException, nothing will be served. 

Q C. If the application throws an IOException, notFound.jsp will be served. 

Q D. If the application throws an IOException, mainError.jsp will be served. 


54 


62 

63 

64 

65 

66 

67 

68 
69 
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Given the following JSP: 

1. <% ! String GREETING = "Welcome to my page"; %> 

2. <% request.setAttribute("greeting", GREETING); %> 

3. Greeting : ${greeting} 

4. Again : <%= request.getAttribute("greeting") %> 

An attempt is made to convert the above JSP to a JSP Document: 

01. <jsp:declaration 〉 

02 . String TITLE = "Welcome to my page"; 

03. </jsp:declaration 〉 

04. <jsp : scriptlet> 

05 . request.setAttribute("greeting", GREETING); 

06. </j sp:scriptlet> 

07. Greeting : ${greeting} 

08. Again : <jsp:expression> 

09 . request.getAttribute("greeting"); 

10.</jsp : expression> 

What is wrong with the new JSP Document? (Choose all that apply.) 

Q A. No <jsp: root> was declared. 

Q B. The template text should be wrapped in a <jsp : text> tag. 

Q G. EL expressions are not allowed in JSP Documents. 

Q D. The <jsp:expression〉contents should not have a semicolon. 


Which of the following is LEAST likely to make or receive network calls? 


□ 

A. 

JNDI server 

□ 

B. 

transfer object 

□ 

G. 

service locator 

□ 

D. 

front controller 

□ 

E. 

intercepting filter 
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Given: 

10. ${questionNumber} : ${question} 

11. <c : forEach var="answer" items="${answers}"> 


16. </c : forEach> 

The question attribute is a String that may contain XML tags that must be 
displayed in the browser as regular text. With the above snippet, the browser 
is not displaying the XML tags. What can be changed to fix this? (Choose 
all that apply) 

Q A. Replace $ {question} with <c:out value= " $ {question} "/ > 

Q B. Replace $ {question} with <c: out>$ {question}</c: out> 

Q G. Replace $ {question} with <c:out escapeXml= " true " value="$ {question} "/> 
□ D. Replace $ {question} with <%= $ {question} %> 



Your Java EE web application is gaining in popularity and you decide to add a 
second server to support the volume of client requests. Which are true about the 
migration of a session from one server to the other? (Choose all that apply.) 

Q A. Such migrations are not possible within a session. 

Q B. When a session is migrated, its HttpSession goes with it. 

Q G. When a session is migrated, its ServletContext goes with it. 

Q D. When a session is migrated, its HttpServletRequest goes with it. 

口 E. If an object is added using HttpSession. setAttribute, the object 
must be Serializable in order to be migrated from one server to the 
other. 

□ F. If an object is added using HttpSession. setAttribute, and the 
object’s class has implemented Serializable. readObject and 
Serializable. writeObject, and the session is migrated, the 
container will invoke these readObject and writeObject methods. 

Q G. If a session attribute implements HttpSessionActivationListener, 

the container’s only requirement is to notify listeners once the session has 
been activated on the new server. 
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A Java EE deployment descriptor declares several filters whose URLs match a 
given request, and also declares several filters whose <servlet-name> tags 
match the same request. 


What statements are true about the rules that the container uses to invoke the 
filter(s) for that request? (Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 

□ 

F. 


Of the URL matched filters, only the first will be invoked. 

Of the <servlet-name> matched filters, only the first will be invoked. 

The <servlet-name> matched filters will be invoked before the URL 
matched filters. 

All of the URL matched filters will be invoked, but the order of 
invocation is undefined. 

All of the URL matched filters will be invoked, in the order in which they 
appear in the DD. 


When comparing servlet initialization parameters to context initialization parameters, 
which are true for both? (Choose all that apply.) 

Q A. In their respective DD tags, they both have a <param-name> and a 
<param-value> tag. 

Q B. Their respective DD tags are both placed directly under the <web-app> tag. 

□ G. Their respective methods used to retrieve initialization parameter values are 

both called getlnitParameter. 

□ D. Both can be directly accessed from a JSP. 

口 E. Only changes to context initialization parameters in the DD can be accessed 
without redeploying the web application. 


A JSP developer wants to include the contents of the file copyright. jsp 
into all primary JSP pages. 

Which mechanisms can do this? (Choose all that apply.) 

Q A. < j sp : directive. include file= " copyright .jsp" /> 

Q B. <%@ include file="copyright .jsp" %> 

Q G. <%@ page include="copyright.jsp" %> 

Q D. <jsp : include page="copyright.jsp" /> 

口 E. <jsp : insert file= " copyright .jsp" /> 
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You are developing an application to manage customer accounts for a company that offers 
phone, cable, and Internet services. Many of the pages contain a search functionality. The 
search box should look the same on every page but some of the pages should limit the 
search to only phone, cable, or Internet accounts. 

Given a separate JSP named Search.jsp: 

1. <form action="/search.go"> 

2 . Find ${param.accountType} Account : 

2 . <input type="text" name="searchText"/> 

3 . <input type="hidden" name="accountType" value="${param.accountType} "/ > 
3 . <input type="submit" value="Search n 

4. </form> 

What tag should you use in a JSP that needs to search for cable accounts? 

Q A. <jsp : include page="Search.jsp" accountType="Cable "/ > 

Q B. <jsp:include page="Search.j sp "> 

<jsp:param name="accountType" value="Cable "/ > 

</jsp:include> 

Q G. < j sp : include file= "Search .jsp" accountType= "Cable" /> 

Q D. < j sp : include file= " Search. j sp " > 

<j sp : attribute name="accountType" value="Cable"/> 

</jsp:include> 


While testing how various tags and scriptlets work, a developer creates the 
63 following JSP: 

1. <% request.setAttribute("name"^ "World"); %> 

2. <!-- Test --> 

3. <c : out value='Hello, ${name}'/> 

Much to the developer’s surprise, the browser doesn’t display anything at all when 
her JSP is retrieved. If the developer views the HTML source of the page, what 


will she find in the output? 



□ 

A. 

<!-- Test --> 



□ 

B. 

<!—— Test --> 

<c : out value=▼ 

Hello, 

${name} ' /> 

□ 

G. 

<!-- Test --> 

<c : out value=▼ 

Hello, 

World'/> 

□ 

D. 

No output 
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A dating services application asks its single users a series of questions. A session scoped 

attribute called compatibility Profile of type HashMap already exists, into which each 

submitted question ID and answer pair are stored. 

Given: 

22 . <% ((java. util. HashMap) request. getSession () . getAttribute (" 

compatibilityProfile") ) . put ( 

23 . request. getParameter ("questionldSubmitted"), 

24 . request. getParameter ( n answer Submit ted")); 

25. %> 

How can this be replaced without using scriptlets? (Choose all that apply) 

Q A. <c : map target="${compatibilityProfile}" 

key="${param.questionldSubmitted}" 
value="${param.answerSubmitted}"/> 

Q B. <jsp:useBean id="compatibilityProfile" class="java.util.HashMap" 

scope="session"> 

<jsp : setProperty name= "compatibilityProfile" 
property="$ {param. questionldSubmitted}" 
value="${param.answerSubmitted}"/> 

</jsp : useBean> 

□ G. $ {compatibilityProfile [param. questionldSubmitted]= 

param.answerSubmitted} 

口 D. <c : set target:"${compatibilityProfile}" 

property="$ {param. questionldSubmitted}" 
value="${param.answerSubmitted}"/> 
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A programmer is creating a filter for a Java EE web application. Given the following code: 

7. public class MyFilter implements Filter { 

8 . public void init (FilterConfig config) throws FilterException { 


9. 

10 . 

11 . 

12 . 

13. 

14. 

15. 


public void doFilter(HttpServletRequest request, 

HttpServletResponse response, 
FilterChain chain) 

throws IOException , ServletException { } 


What change(s) are necessary to create a valid filter? (Choose all that apply.) 
□ A. No changes are necessary. 

Q B. A destroy () method must be added. 

Q G. The doFilter () method’s body must be changed. 

Q D. The init () method’s signature must be changed. 

口 E. The doFilter () method’s arguments must be changed. 

O F. The doFilter () method’s exceptions must be changed. 


66 


Your company wants to include a splash page, SplashAd. j sp, to advertise other company 
offerings to users as they first enter the site. On this new page users will be given the option to 
click a checkbox on the ad page that says“Do not show me this offer again” and click a submit 
button that says “Continue to My Account”. If the user submits this form with the checkbox 
checked, the receiving Servlet sets a Cookie with the name of “skipSplashAcTto the user’s 
browser and then passes control back to the main JSP. 

The main JSP will be responsible for forwarding the request to the splash page What snippet 
can be added to the top of the main page to send the user to the splash page if they have not yet 
selected the checkbox to avoid the ad offer? 
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A programmer wants to implement a ServletContextListener. Given the following DD 
fragment: 

101. <!-- insert tagl here --> 

102. <param-name>myParam</param-name> 

103. <param-value>myValue</param-value> 

104 . <! -- close tagl here --> 

105. <listener> 

106. <!-- insert tag2 here --> 

107. com.wickedlysmart.MySCListener 

108. <!-- close tag2 here --> 


109. </listener> 


And this listener class pseudo-code: 

5. // packages and imports here 

6. public class MySCListener implements ServletContextListener { 

7. // method 1 here 

8. // shutdown related method here 

9 . } 

Which are true? (Choose all that apply.) 

Q A. The DD fragment cannot be valid 
Q B. tagl should be <context-param> 

Q G. tagl should be <servlet-param> 

Q D. tag2 should be <listener-class> 

口 E. tag2 should be <servlet-context-class> 

□ F. method 1 should be initializeListener 
Q G. method 1 should be contextlnitialized 
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The wickedlysmart website has a validly deployed Java EE web application and 
Deployment descriptor that contains the following: 

<welcome-file-list> 


〈welcome _file>wel come • h tml</welcome-file> 
<we 1 come -file>howdy. html</welcome-file> 
〈 welcome-file>index • html</welcome-file> 
</welcome-file-list> 

A portion of the web app’s directory structure looks like this: 

MyWebApp 


I -- index.html 

I 

I-- welcome 

I I -- welcome.html 

I 

I-- foobar 

I 丨 —— howdy.html 

If the application receives the following two requests: 

http :/ /www.wickedlysmart.com/MyWebApp / foobar 
http : //www.wickedlysmart.com/MyWebApp 

Which set of responses will be served? 

Q A. howdy. html then a 404 
Q B. index.html then a 404 
Q G. welcome.html then a 404 
Q D. howdy. html then index. html 
口 E. index. html then index. html 
Q F. howdy. html then welcome . html 
Q G. welcome. html then index • html 
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Your web application has a valid dd with a single <security-constraint> tag. 
Within this tag exists: 

- a single http method that declares GET 

All of the resources in your application exist within directory 1 and 
directory2 and the only defined roles are BEGINNER and EXPERT. 

If you want to restrict BEGINNERS from using resources in directory2, which 
are true about the url and role tag(s) you should declare? (Choose all that apply.) 

Q A. A single url tag should declare directory 1 and a single role tag should 
declare EXPERT. 

Q B. A single url tag should declare directory2 and a single role tag should 
declare EXPERT. 

Q C. A single url tag should declare directory 1 and a single role tag should 
declare BEGINNER. 

Q D. A single url tag should declare directory2 and a single role tag should 
declare BEGINNER. 

□ E. One url tag should declare ANY and its role tag should declare EXPERT, 

and another url tag should declare directory2 and its role tag should 
declare BEGINNER. 

□ F. One url tag should declare both directories, and its role tag should declare 

EXPERT, and another url tag should declare directory 1 and its role tag 
should declare BEGINNER. 
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A programmer has a validly configured directory structure for his Java EE web 
application which is called MyWebApp. In which two directories could a file called 
myTag. tag reside in order to be accessed correctly by the container? (Choose two •: 

□ A. MyWebApp/WEB- INF 

□ B. MyWebApp/META- INF 

□ C. MyWebApp/WEB-INF/1ib 







D. 
□ E. 


MyWebApp/WEB-INF/tags 

k P ar^d F ： -taa ^ilcs MUST be Uaitd m 

MyWebApp/WEB-INF/TLDs J ㈣ 細 dW/ a subd ^W/J by 


F. MyWebApp/WEB- INF/ tags / myTags 


Which of the following are legal EL? (Choose all that apply) 

n/ A A -Op-tio^ A : bo^ T 11 V 'be Copied *to 

[0 A. ${"1" + "2"} , ^ n a 

type Lor\^, oufuts - >• 

^ B. $ { 1 plus 2 } B ： plus is r\o*t 3^ EL opcv-a*bov-. 

Q ${1 eq 2} -Oftior> C is valid ； ou 切 u*b *faUe. 

^ D. ${2 div 1} -Oftioh P is valid ； outputs 1.0. 

□ E. ${2 & 1} -Op-tioh E ： & is hot a valid BL ope\rato\r, unlike && ov- 

□ F. $ { n head n + n first"} -Opt»or> F ： you tar!i S*brmy 

-tKc + opeva-tov. tL +ails to toertt 

七 S-tv'm^ values m*to t/fe Pouble. 


vi.0 sc6W 
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A TLD from a Java forum website contains this tag definition: 

<tag>s 

<name>avatar</name> 

<tag-class>hf.AvatarTagHandler</tag-class> 
〈 body-content>empty</body-content> 


KP > 0 - 0 wW 竹 11 


<attribute> 

<name>userld</name> 

<required>true</required 〉 
<rtexprvalue>true</rtexprvalue> 
</attribute> 

<attribute> 

<name>size</name> 

<required>false</required> 

<rtexprvalue>false</rtexprvalue> 

</attribute> 

</tag> 

What is true about AvatarTagHandler, assuming it extends 
SimpleTagSupport and outputs HTML that displays a user’s avatar 
image? (Choose all that apply.) 



A. 

□ 

B. 


G. 

□ 

D. 

□ 

E. 


is not required. 


A ： iao^ Ka^dlcv- should 
s*tovc s\z£ even 

usa^e does〆 七 always vc<\uivc i*t. 

-Optioh C woh’t a 仏 omplish 
ahythihg Uhlcss you ovcvVide 
"this 5hd pv-ovidc the 
needed bchaviov-. Thcv-c is 
a default irwpIcrhCh'td'tioh 
ih Simplc7agSuppo\rt, but it 
docs hothih0. 


An overridden doStartTag lifecycle method is needed. -Of*tior\ P : doS*ta\rtl^ is 

-fov Classic *tae\ iia 灼 dlevs 

The class must overload all implemented lifecycle methods with 
a version that includes an extra parameter for every attribute 

defined in the TLD. In this case there is only one. 丄 . nix ； , ^ 

7^° h E： Wso^ly li^yde method 
+o\f Simple -tag hahdlc\rs ahy overloaded 

VC，rs,0hS WOh ^ ^ ^oghiz^d by the doh-bihc^. 
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A Servlet sets up a bean before forwarding to a JSP. 

Given: 

20. foo.User user = new foo.User(); 

21. user. setFirst (request. getParameter ("firstName")); 

22. user.setLast(request.getParameter("lastName")); 

23. user.setStreet(request.getParameter("streetAddress")); 

24. user.setCity(request.getParameter("city")); 

25. user.setState(request.getParameter("state")); 

26. user.setZipCode(request.getParameter("zipCode")); 

27. request.setAttribute("user", user); 


jsp 父如於 弓 0 一 弓 ’ 1 
扔 0 -识 


What snippet, if placed in a JSP, could replace the Servlet code above? (Choose all that apply.) 

Q A. <jsp:useBean id="user" type="foo.User"/> 

Q B. <jsp:useBean id="user" type="foo.User"> 


the type 

the 




<jsp : setProperty name="user" property="*"/> 
</jsp : useBean> 




- 外七 A B both use _ 

atbribute \rc^ui\rcs that 

|S alveady saved -to some sdopc. 
Evch i-f they used the dass attv-ibulc 
^ ould bc U popu | a t lh9 

param=" firs tName"/> 

param="lastName"/> 


G. <jsp:useBean id="user" class= n foo .User’▼> 

< j sp : setProperty name="user" property= "first' 

<j sp : setProperty name="user" property="last' 

<j sp : setProperty name="user" property="street” param="streetAddress"/> 
<j sp : setProperty name="user" property="city "/ > 

<j sp : setProperty name="user" property="state "/ > 

< j sp : setProperty name="user" property=" zipCode’▼/> 

</jsp : useBean> 

D. <jsp:useBean id="user" class="foo .User’’> 

<j sp : setProperty name="user" property="*"/> 

< j sp : setProperty name="user" property= "first" param=" firs tName" /> 

<j sp : setProperty name="user" property="last" param="lastName"/> 

<j sp : setProperty name="user" property="street” param="streetAddress"/> 


</jsp : useBean> 


us 七 


-Option C a^d P ： Wwidual <jsp ： sctPvofcvty> by 

be used bo map favametevs bear, pvofcvt.es ^ 

一 《 d 。 ⑽七 For pavametev tVjat do 

pvofevt/ 二 ” 氺 ” w be used *to auWatidallY 

pass dll m*to bc3^- 
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Q A. They are equally likely to make network calls. 


When comparing the benefits, limitations, and uses of a business delegate object 

and a service locator object, which are true? (Choose all that apply.) 

-Option A ： -typidally business delegate Will ask 

a^o-tKcv objet-t -to make a r>c*ty/ovk 匕 all. 

Q B. They are equally likely to invoke methods in a transfer object. -Optioh typically the 

I—. ... s C\rvidc loda-tov- doesh't use 

LJ G. They are equally likely to be invoked directly from a controller object. ^ 七❽ ^ 

0Td. The service locator will typically be considered a server to the business -Option C : 

delegate. 6or\*tvollev makes \rc<\ucs*b o-f 

七 lie business 

u E. When both are implemented with a cache, data staleness is a bieeer , r i . „ 

y/k 於 ^ctcssavy the busmess 

dclcjatc v/ill make a ve'ues 七 
of sev-vite lo^a-tov- 


E. When both are implemented with a cache, data staleness is a bigger 
issue for the business delegate. 


When creating session listeners which are true? (Choose all that apply.) » 

□ A. They are all declared in the DD. A : ttUpScssio^dm^Listc^cv- 

X X \sr.oi dcdlarcd m W M ^ 

lu B. Not all of them must be declared in the DD. 


□ C. The DD tag used to declare them is 〈 listener〉. wcVc hopihj "that you t^y\ 

□ D. The DD tag used to declare them is 〈 session-listener〉. w "thou-t Merhoviz^i … 


ioh. 


E. The DD tag used to declare them is placed within the <web-app> tag. 

□ F. The DD tag used to declare them is placed within the <servlet> tag. -Oftioia P ： v-ci^cr»\bcv- sessions 

tav\ sf>d^ rnar^Y scvvlcts. 


⑽峡 . 1.1 

V,jf rvi 


Some users have complained that strange things are happening when they have 
two browser windows open on a single machine and both windows access the 
application at the same time. You want to test various browsers to see if a session 
would be shared across multiple windows. You decide to do this by outputting 
the JSESSIONID in a JSP. How could you accomplish this, assuming you have 
cookies enabled on your test browsers? (Choose all that apply.) 

□ A. $ { cookie . JSESSIONID} -外 W A evaluates *to a Cookie obVe^i M outputs 

vcJfcvc^c bo Cookie object r^oi its mtcvnal value- 

${cookie .JSESSIONID. value} 


^ B. 
^ G. 
^ D. 

5Te. 

□ F. 


${cookie [ n JSESSIONID"] ["value"] } 

${cookie.JSESSIONID["value"]} 

${cookie["JSESSIONID"].value} 

${ cookieValues [0 ] .value} 一〜七 —p: tookicUalucs is Y\oi av\ EL 七 object 


-Options B, C, V, E ： the Cookie EL —kit 

obj^t is a map Cookie objects. These oyho^s 
all \rcl\ricvc the JSESS|0/V|p Cookie 3hd ca\\ its 
jctl/alucO method- 
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Which implicit object can access the attributes from the ServletContext? 
Q A. server 

□ B. context 一〜七 C is because *bKc Vc<\ucsV imfliti 七 

□ C. request object W cwh/ a 似 ss ve'uest - stofed atbnbu 七 es. 

^ D. application -Optioh p is doinrcdt. The applidatioh' implicit 

n P ^ 、 object is c^uivalc^t io the S^vIctCoh-tcxt. 

LJ L. servletContext 


— J^p v 1- 0 sc6t»or^ I ^ 

Options A, B, ar>d 6 avc 
mdovvett bcdausc tiicsc 

-fov JSP 


avc illegal r>a^cs 
i 叶 I 16 七 objct*b. 



Which methods exist in HttpServlet? (Choose all that apply.) 


^ A. 
^ B. 

□ G. 

□ D. 
^ E. 


doGet 


doTrace 

doError -巧 w C: 払⑽ HTTP mOR ^Od 此忱. 


doConnect 

doOptions 


-Option D： ttTTP has a COWECT method, 

bui its -the c^dcptio^ {jo ihc \rule, it’s 七 he only 
method ■tha^s ⑽七你 ivvoved m HttpScvvIct 


rtTTP I I ， W 心今 



- wf tn 讀 

You have determined that certain capabilities in your web application will require that 
users be registered members. In addition, your web application sometimes deals with user 
data that your users want you to keep confidential. 

Which are true? (Choose all that apply.) 

□ A. You can make transmitted data confidential only after your application has 
verified the user’s password. 

Q B. Of the various types of authentication guaranteed by a Java EE container, only 
BASIC, Digest, and Form Based are implemented by matching a user name to a 
password. 

G. No matter what type of Java EE authentication mechanism you use, it will only 
be activated when an otherwise constrained resource is requested. 

Q D. All of the Java EE guaranteed types of authentication provide strong data 
security without the need to implement supporting security features. 
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Given these fragments from within a single tag in a Java EE DD: 

343. <web-resource-collection> 

344. <web-resource-name>Recipes</web-resource-name> 

345. <url-pattern>/Beer/Update/*</url-pattern> 

346. <http-method>POST</http-method> 

347. </web-resource-collection> 




367 . <auth-constraint> 

368. <role-name>Member</role-name> 

369. </auth-constraint> 


385. <user-data-constraint> 

386. <transport-guarantee>CONFIDENTIAL</transport-guarantee> 

387. </user-data-constraint> 


Which are true? (Choose all that apply.) 


A. A Java EE DD can contain a single tag in which all of these tags can legally co-exist. 


B. It is valid for more instances of <auth-cons traint> to exist within the single tag 

described above. .., 

-Option C : a valid -⑽ 

Q G. It is valid for more instances of <user-data-constraint> as ^ IS ^y\ dcdlav-c or\ly d sm^lc 

to exist within the single tag described above. -type o-f da*t3 mteyrty. 




D. It is valid for more instances of <url-pattern> to exist within the 


^ E 

^ F. 


<web-resource-collection> tag described above. 

It is valid for other tags of the same type as the single encasing tag described above to 
have the same <url-pattern> as the tag above. 

This tag implies that authorization, authentication, and data integrity security features 
are all declared for the web application. 
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You are creating a JSP Document that generates a dynamic SVG image which 
is represented by an XML document structure. The JSP must declare the 
HTTP response header ' Content-Type ' as ' image/svg+xml ' so that 
the web browser will render the response as an SVG image. 

Which JSP code snippet declares that this JSP Document is an SVG response? 

O A. <%@ page contentType= ' image/svg+xml ' %> 

Q B. <jsp :page con ten tType= ▼ image/svg+xml ▼ /> 

^ G.<jsp : directive.page contentType='image/svg+xml' /> 


□y 


jsp v r o st 


-Optioh a is bemuse 

s*t^hdav*d JSP di\rcdtivc syntax 
^% 沴 ，.. ％>’ is h 。七 va y m j S p 

-Option B is 'mdovvct*t bcdausc 
is r>o s-ta^davd 

m JSP PoturwCr\*b. 


< j sp : page . contentType>image/svg+xml</j sp : page . contentType> 

—^ is •… 匕 ov*vcd>*b 


-Optioh c is CoYYtti because the jsprdiv-cdtivc. 
page is the appiropiriatc s-bhdav-d JSP Vo^^t 


■bKcvc 
s*tar\davd 


is r\o ^or\*tcr\*tType 

ivd OSP Po£.umCir\*bs- 
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Given in a JSP page, the line: 

<%-- out.print("Hello World"); _-%> 

What is the HTML output? 


□ A. 

□ B. 

□ G. 

^ D. 


Hello World 

out.print("Hello World"); 
<!-- Hello World --> 

No output is generated by this line. 


v ro in 
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Which statements about HTTP session support are true? (Choose all that 



□ B. 



□ E. 


"I) 


[ava EE containers must support HTTP cookies. 


ava 


-Option B ： URL vcy/vitm^ is almost always used 

as i\\t ^allbadk Cookies art Y\oi available, 

EE containers must support URL rewriting. ^ 七 •• 七 , s (s/f)T d \rc<\ui\rcmcn*b (or tohtamcvs. 

Java EE containers must support the Secure Sockets Layer. 

Java EE containers must support HTTP sessions, even for clients that 
do not support cookies. 

Java EE containers must recognize the HTTP termination signal that is 
issued to indicate that a client session is no longer active. 


以二 ㈣ 
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Your company has purchased a license for a third party JavaScript 
library for constructing menus. Your team has run into countless errors 
by mistakingly misusing the library and the users are insisting that 
certain menu items should only be visible to users with the authorized 
security role. A custom tag library using Simple tag handlers could shield 
developers from making syntactical JavaScript errors and provide the 
security features the users desire. 

After a design meeting, your team lead documented that she would like 
the menu to look like the following: 

<menu : main> 

<menu : headltem text="My Account" url="/myAccount.do"/> 

〈 menu:headltem text="Transactions"> 

<menu : subitem text="Incoming" url="/incomingTx.do"/> 
〈 menu: subitem text="Outgoing" url=’’/outgoingTx. do"/> 
<menu : subitem text="Pending" url="/pendingTx.do" 

requireRole= M accountant"/> 

</menu : headltem 〉 

〈 menu:headltem text="Admin" ur1=" / admin.do" 

requireRole= " admin ’▼ /> 

</menu : main> 




You wish to put the full responsibility of generating output on the 
outer <menu : main> tag handler, assuming that centralizing the display 
logic will be easier to maintain. The outer tag handler will need access to 
its descendent tags to accomplish this. Which of the following options 
provides the best approach? 

A. Every inner tag should register itself directly to its immediate parent. 
The immediate parent can store its children in an ordered collection. 

Q B. Every inner tag should register itself directly to the outer tag handler, 
and the outer tag handler can store them all in a single HashSet. 

Q G. Unlike Classic tags, SimpleTagSupport provides the methods 

findDescendentWithClass () and getChildren () which give 
the main outer tag full access to its children without any extra 
coding necessary. 

Q D. Have each inner tag save itself as a page scoped attribute with its text 
value as the attribute key. 


solution as \i scales a s.mjlc 
\xtt S*tv"Ut*tuV-C 七 ^ 七 

a'lVCS 

lo all its lay. 

- 外七 io 妁 s B D wouldh ’ 七 give 

the outcir tag any c\\aC how the 

irm 饮 lay a\rc stv-u^tuv-cd. 

C : tViCSC methods 

dov\i 

-f'mdA^^s*tovlVi*t^ClassO 

oic*tP3V"cr\*tO avc available 

?\rom API* 
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^； ； XP V I I 

Which JSP life cycle phase can cause an HTTP 500 status code to be returned on 
a request to a JSP page? (Choose all that apply.) 

A. JSP page compilation -Optioh A is bc^usc the JSP scv-vlct Codt 4ils io 

^ t, tkh -the doh-taihc\r must gchc\ratc a scv-vcv--sidc 



JSP page compilation 
B. Execution of the service method 
G. Execution of the destroy method 


C\r\ro\r. 


D. Execution of the initialization method 

-Option C is mto\rvCtt ； dcstvoy mctiiod 

cav\v\oi 匕 ause a ^00 cvvov. 




一 0 is h ^ 3{Ase ^ ihc 
method throws ah cxdcptioh, -thch ihc “tai 欧 

^ot issue 代 n 叱也匕妞 e JSP 釙 d 罐七 s ⑶ d 
3 sc\rvc\r-sidc cv-v-ov-. 


V 


Given that session is a reference to a valid HttpSession and "myAttr" is 
the name of an object bound to session, which can be used to unbind object(s) 
from a session? (Choose all that apply.) 


API, ^ ^ ^ 


□ A. 
^ B. 

□ G. 

□ D. 

□ E. 
^ F. 

□ G. 


session.unbind(); 
session.invalidate(); 
session.unbind("myAttr"); 

session.remove ("myAttr"); 一〜七 • ，挪 它： mvalida 七 c() is used *bo all 

session. invalidate ("myAttr") ;objct*b kouy\d *to session 

session. removeAttribute ("myAttr") —Option F ： v-cmovcA't'tv-ibu-tcO is used 

*to a s'm^lc object. 

session.unbindAttribute ("myAttr"); 


API , 以 -你 


If req is a reference to an HttpServletRequest and there is no current 
session, what is true about req. getSession () ? (Choose all that apply.) 

Q A. Invoking req. getSession () will return null. -0f*tior\s A 3r\di m tiiese tascs 

口 B. Invoking req. getSession (true) will return null. a ^ CY/ sess,cm IS ⑽ 3 七以 




G. Invoking req. getSession (false) will return null. 

D. Invoking req. getSession () will return a new session. 


E. Invoking req. getSession (true) will return a new session. 
Q F. Invoking req. getSession (false) will return 


a new session. 
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A Classic tag handler exists in legacy code. The author wrote a handler that 
evaluates its tag body a hundred times, to be used in testing other tags that 
produce random content. 


Given: 


赏 d.i 


06. public class HundredTimesTag extends TagSupport { 


07. 

08. 

09. 

10 . 

11 . 

12 . 

13. 

14. 

15. 

16. 

17. 

18. 

19. 

20 . 


private int iterationCount; 
public int doTag() throws JspException { 
iterationCount = 0; 
return EVAL BODY INCLUDE; 


public int doAfterBody() throws JspException { 
if(iterationCount < 100){ 
iterationCount++; 
return EVAL 一 BODY 一 AGAIN ; 

}else{ 

return SKIP BODY; 
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What is incorrect about the code? 

Q A. Tag handlers are not thread safe, so the iterationCount can become 
out of sync if multiple users are reaching the page at the same time. 


-Optioh h -bg hahdlcv-s av-c iWtad sa^, 

so i-t is 0^ -to sW state ih them. 


□ B. 




G. 


The doAf terBody method is never being called because it is not part 
of the tag handler lifecycle. The developer should have extended the 
IterationTagSupport class to include this method in the lifecycle. 


The doTag method should be doStartTag. As written, the default 
doStartTag of TagSupport is called which simply returns SKIP— 
BODY, causing doAf terBody to never be called. 


-Option 

l-tcv-atio^Ta^Suppovt is ⑽七 a 
veal tlass. Tiic doA-ftcv-Body 
mctKod is fa\rt o-f i\\t 
(•bcvatio^Ta^ m*tcv-fadc y/iiiA 
la^Suffort docs imple 你⑼七 . 


-Optioh 0 simply 
"this ructhod hdnrte should -P'n 

D. When doAf terBody returns EVAL_BODY_AGAIN the doTag method is happchs^usc^Ja^ 

called a grain. The doTag method resets iterationCount to 0, resulting •, . , . 

. 5 ， . , T ^ ^ ' 5 'ts a good idea "to use -tKc 

m an infinite loop and a java. lang. OutOfMemoryError is thrown. &0\/cvr\dc a 

■tkse li-fcdydlc methods -to 


- 〜七 ior\ D: i-f 

0^hoY\ C is loop should 

ou^ bemuse d Classic tails 

doS-tartla^ move *t^a^ out- 


ChSu\rc like 

tliis doesh^t Kappeh. 
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--:--- API , 以 2 M •一撕 

Given this fragment from a web application’s DD: 

72. <session-config> 

73 . 〈 session-timeout>10</session-timeout> 

74. </session-config> 

And given that session is a reference to a valid HttpSession, and this 
fragment from a servlet: 

30 . session.setMaxInactivelnterval(120); 


After line 30 executes, which are true? (Choose all that apply.) 


□ A. 

□ B. 

□ G. 

□ D. 

w 

□ F. 

□ G. 


The DD fragment is not valid. 


The invocation of setMaxInactivelnterval will modify the value in 

the <session-timeout 〉 tag. 

It is impossible to determine the session timeout limits given the above. 

If the container receives no client requests for this session in 2 hours, the 
container will invalidate the session. 


-Op-tioh B ： -the method 
ohly ovcviridcs the 
timeout -foir this scssioh. 


If the container receives no client requests for this session in 2 minutes, 
the container will invalidate the session. 

If the container receives no client requests for this session in 10 seconds, 
the container will invalidate the session. 

If the container receives no client requests for this session in 10 minutes, 
the container will invalidate the session. 


—Option £ ： 

avy 眯伙 *1 -fov- 

method vcf\rcscr\*b 

sMo 灼 ds, Kowcvcv 

value m 
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You have created a valid directory structure and a valid WAR file for your Java EE 
web application. Given that: 

- ValidApp. war is the name of the WAR file. 

- WARdir represents the directory that must exist in every WAR file. 

- APPdir represents the directory that must exist in every web application. 




• 0 — ^ 0 灼 A 




、 usU “alWMtTA -价 


Which is true? 

口 A. The actual name of WARdir is NOT predictable. ^ it . , 

✓ d' tyfitally w 灼 tamev … ill 

Lu B. The name of your application is NOT predictable. appl^atio^ by usm^ 於 ame 

Q G. In this directory structure, APPdir will exist inside WARdir. -file, bu*t s y\o*t 

□ D. In this directory structure, the application’s deployment descriptor will 
reside in the same directory as WARdir. 

O E. Placing your application in a WAR file provides the option for the ^ ^ ^ -file 

container to perform additional runtime checks not otherwise guaranteed. ' ■. 丄 . 

r & ^ives you *tnc option 

pev-fovm 灼 al 

(jigplqy—•timg tiiCdks. 
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When comparing HTTP GET to HTTP POST, what is true? (Choose all that apply.) 


HTTP 1,1 孙 d 


^ A. 

□ B. 

□ G. 
^ D. 

□ E. 


Only HTTP GET is idempotent. -Option A- a ^orr^dots^ i c^krtly 

d mC*tV>od> qfcT is assumed- 

Both require an explicit declaration in HTML form tags. 

Only HTTP POST can support multiple parameters in a single request. 

Both support single parameter requests that send multiple values. -Option D : both C^y\ hdhdle 七 his. 
Only HTTP POST requests should be handled by overriding a servlet’s 


service () method. 


-Option (or tiic sake o*f 

•tKc you should r^cvcv 

ovcvvidic *tKc scvvidcO mrtiiod. 


Given this code in a servlet: 


WflM 


82 . String s = getServletConfig () . getlnitParameter ("myThing"); 


Which DD fragment will assign to s the value "myStuff"? 


□A. <init-param> 

<param>myThing</param> 

<value>myStuff</value> 

</init-param> 


□ B. 


^ G 


<init-param> 

<name>myThing</name> 
<value>myStuff</value> 
</init-param> 

<init-param> 

<param-name>myThing</param-name> 

<param-value>myStuff</param-value> 

</init-param> 


- 外 tioh C is the syh-bx 
the <ihit-pav-am> -bg. 


□ D. <servlet-param> 

<name>myThing</name> 
<value>myStuff</value> 
</servlet-param> 


口 E. <servlet-param> 

<param-name>myThing</param-name> 

<param-value>myStuff</param-value> 

</servlet-param> 
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— t I . 纪 .3, 

Given that a String is stored as an attribute named accountNumber of some scope, ^ 

which scriptlet(s) will ouptut the attribute? 

^ -Option A : l-f V<>^ ^ usc 

Ixl A. <%= pageContext.findAttribute ("accountNumber") %> ^ 

Q B. <%= out.print ("${accountNumber} ") %> ^ n 

-t^ptioh fc }： fcL does 

口 G. <% Object accNum = pageContext. getAttribute ("accountNumber") ; get evaluated 

inside o-f sd\rip-tlcts. 
This is ah illegal use 
ahyway ； 

so doh't thihk this 
was just a tv-idk/ 

—Option C : So dose. 
scwlc*tCor\*tc%*t is 
Y\o{, a valid imflidi 七 
object l*t should 
V^ave used afflidatio^. 

-Optioh D ： \rc<\ucs-tpispa-tdhcv- is 
ho 七扣 i^plidit object Evch i-f 
i 七 七 his is jus 七 y/\roh0. 


if(accNum 
accNum 

} 

if(accNum 
accNum 


=null){ 

request.getAttribute ("accountNumber"); 
=null){ 

session.getAttribute ("accountNumber"); 


if(accNum 
accNum = 

} 

out.print(accNum); 


=null){ 

servletContext. getAttribute ("accountNumber") 


%> 


Q D. <% requestDispatcher.include("accountNumber"); %> 



You have inherited a legacy JSP web application with lots of scripting 
code. Your manager has demanded that every JSP be refactored to remove 
scripting code. He wants you to guarantee that no scriptlet code exists in 
your JSP codebase and to have the web container enforce a “no scripting” 
policy. 


v)SP \/cr^0Y\ 2-*^ 


Which web. xml configuration element will accomplish this goal? 


Q A. <jsp - property-group 〉 A ,s mdovvct*t because 

<url-pattern〉* . jsp </url-pattern 〉 is not a valid 

〈 permit-scripting〉false </permit-scripting 〉 do^-Pi^uvation element 
</jsp-property-group> 


□ B. 



<jsp-config> 

<url-pattern> *.jsp </url-pattern> 

〈 permit-scripting 〉 false </permit-scripting> 
</jsp-config> 


-Optioh B is \y\toYYtt{^ because 
吡 itheir <jsp-doh-fig> ho^ 
<pc\rmi-t-s^\rip-tih9> av-c valid 
^Oh-piguv-atioh dcr^Chts. 


<j sp-property-group> 

<url-pattern> *.jsp </url-pattern> 
<scripting-invalid> true </scripting-invalid 〉 
</jsp-property-group> 


口 D. <jsp-config> 

<url-pattern〉* . jsp </url-pattern 〉 -Option P is mdovved-t because 

<scripting-invalid> true </scripting-invalid 〉 <jsp - 乙 oJiy is ^o*t a valid 
</ j sp—config> dor>-(*i^uv 3 *bior> clc 你⑼七 . 
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Given: Wf 別惫 

01. <%@ taglib uri="http : / /java. sun. com/jsp/jstl/core" prefix= n c n %> 

02. 

03. <% 

04 . java.util.List books = new java.util.ArrayList(); 

05. // add line here 

06 . request. setAttribute (" my Favor i teBooks , books); 

07. %> 

08. 

09. <c:choose> 

10. <c : when test="${not empty myFavoriteBooks}"> 

11. My favorite books are: 

12 . <c : forEach var="book" items="${myFavoriteBooks}"> 

13 . <br/> * ${book} 

14. </c:forEach> 

15 . </c:when> 

16 . <c:otherwise 〉 

17. I have not selected any favorite books. 

18. </c : otherwise> 

19. </c : choose> 


Which of the following lines of code, if inserted independently at Line 5, will cause the text 
within the c : otherwise tag to display? (Choose all that apply) 

□ A. books • add (" ") ; -Options K B, V all add somc*bK'mg *to 


^ B. 


books.add(null) 
Q G. books.clear(); 


books List \i NOT e 叶切 . 


D. books.add("Head First"); 
Q E. books = null; _ 
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You are working on an application that manages a business listing directory. 
Given: 


29. <c : forEach var="phoneNumber" items='${company. 

contactlnfo•phoneNumbers}'> 

30 . <c : if test='${verify:isTollFree(phoneNumber)}'> 

31. <img src="/images/To11Free.gif"/> 

32 . </c : if> 

33 . ${phoneNumber}<br/> 

34. </c:forEach> 


KP v 2 -^ 

5 聲列 


The above snippet adds a special icon in front of phone numbers that are 
toll free. Which statement about the EL function from this code snippet is 
guaranteed to be true? —Option A : ^11 EL -functions mus 七 

i—^ be dedlaved publid av\d siahc- 

Iju A. The EL function must be declared public and static 

i—I -Optioh B ： it should \rctu\fh a boolean value 

^ The EL function must not return any value and be declared void so it ddh be used by the 


Q G. The <uri> value in the EL function’s TLD must be Verify 

Q D. The name of the class that implements the EL function must be 
named Verify 

Q E. If phoneNumber is a String, the 〈 function-signature 〉 value' 
in the TLD should be isTollFree (String) 

-Option v-c«\uivcs a 代七 u 作 

•type be dcdlav-cd. I*t also \rc«\uivcs 七 all dass -types be 
•fully ^uali-ficd, so should be java.la ， SVn^. 


C' <uvi> value Should 
nxaicM v/iia-tcvcv is dctlavcd m 
JSP’s dive 乙七 We ， 

v/ds r\o*t sliov/\r\. 

-Op-tioh D： the -fully c^uali^ied 
dass is mapped *m the 
丁 Lp usihg <-Puhd-tioh-dlass> ahd 
docs hot have -fco any 

pairtidulav- hamih^ dohVChtioh "to 

be used -Po\r BL- -Puhd*tiohS. 
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Which are methods of HttpServletRequest that retrieve the body of the 
request? (Choose all that apply.) 

^ A getReader() A ： ^iRcadcM Sieves the 

□ B. getStream() bod Y 办 W^ d 沁 . 

口 G. getlnputReader() 

D. getlnputStream () -Option P ： *bKis method \rc*bv-icvcs *bKc 

body ds bmav-y da*ta- 

口 E. getServletReader() 

□ F. getServletStream () 


API 
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Given a Java EE web application in which the following browser request: 

http : //www. wickedlysmart. com/MyApp/myDir/DoSomething 

—will be handled by a servlet in the application, which three are true? 
(Choose three.) 


Scvv II, ^ ^ 


^ A. The deployment descriptor must include instructions to handle 
the request as specified. 


-Option A ： a <sc\rvlc*t-mafp'm5> 

mus*t be spedi-f ied m PP 


□ B. 


The request can be handled as specified with no related instructions in the 
deployment descriptor. 


□ G. 
^D. 

□ E. 
^ F. 


The servlet that handles this request must be named DoSomething. class. 

The servlet name is not predictable based on the information provided. ^ ^ ^ 

E ： a^d 

The application must contain a directory named myDir. DoSomcthihg 

The name of the directory in which the servlet resides is not predictable … ^^t^kno\Ny\ 
based on the information provided. • c 

Your web application has a valid deployment descriptor in which student and ^ 

sensei are the only security roles that have been defined. The deployment 
descriptor contains two security constraints that declare the same resource to 
be constrained. The first security constraint contains: 


234 . <auth-cons traint> 

235. <role-name>student</role-name> 

236. </auth-constraint> 

And the second security constraint contains: 


251. <auth-constraint/> 


Which are true? (Choose all that apply.) 

Q A. As the deployment descriptor stands now, the constrained resource can 
be accessed by both roles. 

Q B. As the deployment descriptor stands now, the constrained resource can 
be accessed only by sensei users. 

As the deployment descriptor stands now, the constrained resource can 
be accessed only by student users. 

If the second <au th- cons train t> tag is removed, the constrained 
resource can be accessed by both roles. 

Q E. If the second <auth-constraint> tag is removed, the constrained 
resource can be accessed only by sensei users. 


□ G. 

^ D. 


- A ， 好， a 灼 d C: "tW 

scCoy\A is 

mcar\s y\o voles 
use vcsouirdc. 


□ F. 


If the second <au th- cons train t> tag is removed, the constrained 
resource can be accessed only by student users. 
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Which of the following custom tags is guaranteed to fail? (Choose all that apply) 

0Ta. 〈 mine:border> 

〈 mine: photos album:" $ {albumSelected} ’▼> 

</mine : horder> 

</mine : photos> 

Q B. 〈 mine:border> 

〈 mine:photos album="${albumSelected}"/> 
</mine : horder> 

Q G. 〈 mine:border> 

${albumSelected.title} 

<mine : photos>$ {albumSelected }</mine : photos> 

</mine : horder> 

□ D. <mine : photos includeBorder="${userPreference.border} 

album:"${albumSelected}" /> 


JSP I -礼 

Wf I 。 

-Option A : ^ <n.*mC ： ^o-tos> 

is 於 o 七 fvofcvly nested- 


-Op-tiohs B, C, av\d V av-c a\\ 

potchtially legal usages Jc 

^US-torn -tags. 
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-:- rr -:- 

Your n-tier web application uses the Java EE patterns that are most typically used (p 
when such an application wants to access remote registries. Which are benefits of 
these patterns? (Choose all that apply.) 

^ A. Increased cohesion _ TKc pa*t*tcvr>s used iicv-c av-c bus'mess sev-vide 

\otabor. By usm^ tacM 

U B. Better performance ^ as moy>c 4 duSC j ycsPo^sib'ilitics, a^d 诎⑼ arcM\itciyAra\ Aa 呼 s 

Better maintainability oCC.\a>t, mam 七 ⑼ aW CT*fov*ts v/ill be veduded- 


^ G. 

□ D. 

□ 


E. 


Reduced network traffic 
More interactive browser ca 


^pW pM-fyou P ided 咖伽 D (Wt w 針 y - 忪 

P ablllties W ； ，dc is , with a 似 k you w indeed 

l[ d[AU ^ Q]rk However dadhes always with 

° Wh so this £Ke ^osi sb,da,d solution 




What is generally true about the lifecycle of a servlet? (Choose all that apply.) 

A. You should NOT write a constructor for a servlet. 

Q B. You should NOT override a servlet’s init () method. ^~ 

Q G. You should NOT override a servlet’s doGet () method. 


Q D. You should NOT override a servlet’s doPost () method. 

[^T E. You should NOT override a servlet’s service () method. 

□ F. You should NOT override a servlet’s destroy () method. 


Options d av\A F av-c usually do^c 
d scvvlc*t r>ccds *to dvcaic 
ar\d dcs-tv'oy vcsouvtcs used by 
•tKc soviet su^K as database 
乙 ormet 七 io 灼 s. 
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Given this portion of a Java EE . war file’s directory structure: 

MyApp 




—— META- INF 


I-- MANIFEST.MF 
I _ _ web • xml 


- WEB-INF 


I -- index•html 

I-- TLDs 

I—— Header.tag 

What change(s) are necessary to make this structure valid and the resources 
accessible? (Choose all that apply.) 

Q A. No changes are necessary. 

^ B. The web. xml file must be moved. W B: must be m W6B-INF divc^vy- 

□ G. The index.html file must be moved. -Option C is 0^, but v\o{, di\rc^*tly a^cssiblc bo 

D. The Header. tag file must be moved. P ： -files mus*t be m 

n 1A/EB-1 NF/*ta<\s/ Portion <Jc \xtt- 

口 E. The MANIFEST. MF file must be moved. ^ ' 

口 F. The WEB-INF directory must be moved. 

Q G. The META-INF directory must be moved. 


60 VC I 认 ’ 

You are considering implementing some variety of MVG in your Java EE n-tier : f I^V 


application. Which are true? (Choose all that apply.) 


n . . . -Option A : bus'mess delegates sc^rvc co^roi.cT- 

LJ A. This design will often serve business delegate objects. ' 七 • B b.e^ts 七 ha 七 support 


£.oy\*tvolIcv*s. 


□ B. 

□ G. 




D. 


E. 


□ F. 


It often reduces network traffic by caching remotely located data. 

This design goal simplifies communications with heterogeneous resource 
registries. 


MVC migK-b but MVC 

i-bcl-f -tyf^ally does 灼 ’ 七 . 


Even though MVG solutions have many benefits, they often increase 
design complexity. 


•Option 0 this is the 
^\/\U loda-tov-s job. 


Both the front controller pattern and Struts could be considered solutions 
for this design goal. 


This design will provide you with the capability to easily recombine 
request and response handlers. 


-Option F : tV^is is i\\t job 

\n\\\CM Cav\ v/ovk y/rtii MVC, 

but y/ilidii is sepavatc. 
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Given in a JSP page, the line: 

<% List myList = new ArrayList(); %> 

Which JSP code snippets can you use to import these data types? (Choose two.: 


jsp v r o st 


出。 yj.10.1 


□ 

A. 

<%! 

□ 

B. 

<%@ 


G. 

<%@ 

□ 

D. 

<%! 

HTe. 

<%@ 


import='java.util.ArrayList' %> 


-Option A IS mdovre 匕七 

bcdausc JSP dcdlavatior^ 

Grmot be used *to msevt 
import s*ta*tcmc^*b m*to 七 he 

七 va 扒 slated scwlct todc 

-0\>hoy\ B is ihdov-v-edt 
st’ ％> because tkvc is ho 

List; %> JSP di ^ iv c* 

-Option P is m 匕 ovre^t bcdausc 
JSP dc^lav-a*tior\ da^o-t be used 
{jo msevt i 个 v 七 siaitr^tY\h m*to i\\t 
tvarda 七 ed scwlct 匕 ode. 
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: : : a, “ 〜 

You are tasked with adding several security features to your company’s Java EE 
web application. Specifically, you need to create several classes of users and based 
on a user’s class, you need to restrict them to use only some of the application’s 
pages. In order to restrict access, you must determine that users are who they say 
they are. 


Which are true? (Choose all that apply.) 

Q A. If you need to verify that users are who they say they are, you must use 
the application’s deployment descriptor to implement that requirement. 


-Option A : Y° u ^ a l so 

pCV"-foVm 灼七 .1 匕没 tio 灼 

^\ro^V"3mw\3*bi£.3llY- 


□ B. 

^ G. 


Java EE’s authorization capabilities should be used to determine that 
users are who they say they are. 


— Option B ： this ^ucs-tioh 

is about authehiiGtioh. 


In order to help you determine that users are who they say they are, you 
can use the deployment descriptor’s <login-config> tags. 


□ D. 
^ E. 


In order to help you determine that users are who they say they are, you 
can use the deployment descriptor’s <user-data-constraint> tags. 

Depending on the approach you use, determining that users are who they 
say they are might require including a "realm". 


-Option V : ^ ,s 

{jo 忧七 data ir > 七 
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ValidApp is a Java EE application with a valid directory structure. ValidApp 
contains .gif image files in three locations within the directory structure: 

- ValidApp/imageDir/ 

- ValidApp/META-INF/ 

- ValidApp/WEB-INF/ 




In which of these locations can clients directly access these .gif files? 


□ A. 
^ B. 

□ G. 


Only in ValidApp/META-INF/ 
Only in ValidApp/imageDir/ 

All of the above locations 


-Option \( a *b autss ^ilcs m W6B-INF 

ov /VltTA-INF dor\*ta'mcv 你 us 七 ve 七 um a 午 0 千 . 


□ D. Only in ValidApp/imageDir/ and ValidApp/WEB -INF/ 
Q E. Only in ValidApp/imageDir/ and ValidApp/META- INF/ 


Given req is a reference to a valid HttpServletRequest, and: 

13. String[] s = req.getCookies(); 

14. Cookie[] c = req.getCookies(); 

15. req.setAttribute("myAttrl", "42"); 

16. req•setAttribute( n myAttr2 n , 42); 

17 . String [ ] s2 = req. getAttributeNames (); 

18. String[] s3 = req.getParameterValues("attr"); 
Which lines of code will not compile? (Choose all that apply.) 

^ A. line 13 —Option A : jctCookicsO \rc*buv^s a Cookie av-v-ay 


API 


Q B. line 14 

n ^Option P ： stihiiMtO takes a 

LI C. lme 15〆 一釙 as Java ^ be 

□ D. line 16 bo%cd *to an Object 

^ E ' lme 17 -Option E ： gctAUv-ibutc/Va^csO 

□ F. line 18 代 七冰⑽扣 Ehumc\ra-tioh 


Wlc ky>oy/ *tKis is 3 V"C3l 
u mCmo\r'iz3*tio^ W k'md <>f 


c|ucs*tior>, dr\d v/cVc sovv 
you mijK-t *tKis k'md 
tK'mg oy \ veal 


Y，but 
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A Tag File named Products . tag displays a list of products. 
Given this snippet from the Tag File: 




1. <%@ attribute name="header" required= M false" rtexprvalue="false" %> 

2. <%@ attribute name="products" required="true" rtexprvalue="true" %> 


3 . <%@ tag body-content="tagdependent" %> 


Which of the following are legal usages of the Tag File? (Choose all that apply.) 




A. <display : Products header= " Shopping Cart" products="${shoppingCart} "/ > 

Q B. <display : Products header="Wish List" products= M ${wishList}" body- 

content=”$ {body} ”/> -Optioh B ： body-dohtcht is hot a valid attribute 

G. <display : Products header="Similar Products" products= n ${similarProducts}"> 

Customers who bought this item also bought : r , ,, 

〈 /display:Products 〉 0 a body is allov/cd bcdausc o\ tiic tayief ⑼ d ⑼ t 

■~~I bodv—dor\*tcr\*t value m 

LI D. <display : Products header='<%= request.gexParameter("listType") %>' /> 




一 ytioh D: firodu^ts is a attHbutc. 

^ 々 w^Uold a sMyilci b^ausc 
it was detihed with vtcxpirvaluc set -to -false. 


41 




You are taking part in an initiative to remove scriptlets from the JSPs of a legacy web wf mo -讲 
application for a major bank. You come across the following lines of code: 

<% if ((com. your company. Account) request. 

getAttribute("account")).isPersonalChecking()){ 

%> 


Checking that fits your lifestyle. 

<% } %> 

How can you replace this using JSTL? (Choose all that apply) 


-Option A -f'mds i\\t atbribu 七 e 
aaou 灼七 ar>d tails 


^ A 

^ B. 
^ G. 
□ D. 


<c : if test='${account.personalchecking}'>Checking 
that fits your lifestyle. </c : if> 


ispevso 灼 al Chedk •… 3() ov\ 

J\Uo\AY\i object. 


<c : if 

<c : if 

<c : if 


test='${account["personalChecking"]}'>Checking 
that fits your lifestyle. </c : if> 

test= n ${account['personalchecking']}">Checking 
that fits your lifestyle. </c: if> 

test='${account.isPersonalChecking}'>Checking 
that fits your lifestyle. </c : if> 

-Oftior^ P >will look -fo^r d y*t|sPevso”alCi^kir^ 
oy \ Adtou^t and -tiivoy/ caption 
v/iicn i*t is ⑽七 -found- 


-OptiohS B 3 hd C : ho-tific that 

eithev* single ov- double quotes 
rway be used, but the quotes *m 
the must v\oi be the same 
type as those used -fco suvv-ou^d 
it i-P it is av\ evaludied 

"^ 3 ’ 丁 h |S doesh^t apply 

■to template tex-t -tags 

whi^h oi\rc hot evaluated: <a 

hv*c-f— f 

Crwai| W j} W )>crwail</ a> 
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Given the following event types: 

- HttpSessionEvent 
- HttpSessionBindingEvent 
- HttpSessionAttributeEvent 


价 1, W 


Match the event types above to their respective listener interfaces. (Note: you can 
match an event type to more than one Listener.) 

HttpSessionAttributeListener ... . 


HttpSessionListener ..^^^ CSS ! 0 ^ VCy !^.. 

HttpSessionActivationListener ... . wade 

HttpSessionBindingListener . 姑 ?$???)?•々 . Atbr.iWtet'/ev' 


What’s true about the lifecycle of a servlet? (Choose all that apply.) 


sew 


% ^ TMOl 


□ 

A. 

□ 

B. 


G. 

□ 

D. 


E. 


when a new request is received. 


xt{\\oA is mvoked 


The service () method is invoked by either doPost () or doGet() 一咐 “ B ： the se^vi^O 

after they’ve completed a request. me-thod i hV okcs dogrtO 

Each time that doPost () is invoked, it runs in its own thread. OY 

The destroy () method is invoked after every invocation of doGet () 

COmpleteS . -0 P tio, D ： 

The container issues a separate thread for each client request. voices dcsbroyO whch it 

decides -to iremove a scwlc-fc. 


_ vi.0 sc 出挪" .今 

When might a JSP get translated? (Choose all that apply.) Wf 

i-i A ： J£Ps avc Y\oi \otaitd m i\\t sre -foldcv 

^ A. When the developer compiles code m the sre folder doCS ^ ^ pi | c like udt. 

QlI B. When the application is started 

-Optiohs B av\d 0 \i c,av\ ou^ a^y time between 

0 C. The first time a user requests the JSP initial dcploymcht ihio the JSP doltaih^ a^d the 

□ D. After jspDestroy () is called, it gets retranslated 3 匕 l_Ch 七 (o\r -fchc page. 

-Option D wok / 七 ^ausc tv-ahslatio^ 

■to 七 he same page. 
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— ； ； Ap|, ^ 2-0^°^ 

Given this fragment from a valid doGet ( ) method: 

12 . Outputstream os = response.getOutputStream(); 

13. byte[] ba = {1,2,3}; 

14 . os.write(ba); 

15 . RequestDispatcher rd = request.RequestDispatcher("my.jsp"); 

16 . rd.forward(request, response); 

Assuming that "my. j sp" adds the bytes 4, 5, and 6 to the response, what is the result? 


□ 

A. 

123 


B. 

456 

□ 

G. 

123456 

□ 

D. 

456123 


B ： bedduse os.-flusiiO y/a 讲’七 dallcd, u^orwrw'ittcd 

output dlV, is deaved, a”d ^ovv/avd »s irwokcd 

l-f os,flusKO V^ad been tailed bcW ^ovy/avd, ^ 
lllc^alSta-tcE^cpt'o^ v/ould been 七 Wo 條 . 


]E. An exception is thrown 


A r A programmer needs to update a live, running servlet’s initialization parameters 2-, 

4u so that the web application will begin to use the new parameters immediately. Vvf I 弓 1 一 1 弓弓 

In order to accomplish this, which must be true (although not necessarily -Option A : 七 - 

sufficient)? (Choose all that apply.) ^ 眯 uS ^ be flawed v/rtW 

□ A. For each parameter, you must modify a DD tag that specifies the name <scvvlc*t> so 
of the servlet, the name of the parameter, and the new value of the 


parameter. 


have scwIcVs 


□ B. 

^ G. 
^ D. 


The servlet’s constructor must retrieve the updated DD parameter from -Optioh B- you eah’t vetvieve 
the servlet’s ServletConfig object. ScvvIciCoh-fig 0 bj c 匕七 uhtil 

The container must destroy and then reinitialize the servlet. ^ C ^ohsvu^-to\r v*uhs. 

For each parameter, the DD must have a separate ^ … ’"tializ-cd "to 

<init-param> tag. 
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Which types can be used in conjunction with HttpServletResponse methods 
to stream output data? (Choose all that apply.) 


API, ^ ^ 


□ A. java.io. Prints tream 一〜七 •• ⑽六 : 七 y 條 iW) mctKod \rrbu\rhs a P\rm 七 iAMW 
^ B. java.io.PrintWriter 

Q C. java.io.Outputstream 
Q D. java.io.FileOutputStream 

^ E. java.io.ServletOutputStream-Optioh E ： the grtOu-tpu-tS-t^amO 

□ F. java. io.ByteArrayOutputStream 3 ^ cv " v l c tOu-tpu-tS-tvcam 
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Your web application has a valid dd with a single <security-constraint> 
tag. Within this tag exists: 

-a single url pattern that declares directory 1 
-a single http method that declares POST 

-a single role name that declares GUEST 




If all of the resources for your application exist within directory 1 and 
directory2, and MEMBER is also a valid role, which are true? (Choose all 
that apply.) 

Q A. GUESTs cannot do GET requests in directory 1. 




B. 


□ G. 
^ D. 


GUESTs can do GET requests in both directories. 
GUESTs can do POST requests only in directory〗. 
MEMBERS can do GET requests in both directories. 


The ⑽七 vam 七 ’m tiVis s 乙 ⑼ avio is 
七 1^ 七 only ^UKTs £.3^ do POSTs 
•m div-ct*bov-yl • 


E. GUESTs can do POST requests in both directories. 
□ F. MEMBERS can do only POST requests in directory 1. 


Given: 


1. 

<%@ 

2. 

<%@ 

3. 

<%@ 

4. 

<%@ 


taglib prefix="c" uri="http : / /java. sun. com/jsp/ 
jstl/core" %> 

taglib prefix="tables" uri= "http : // www. javaranch. 
com/tables" %> 

taglib prefix="jsp" tagdir= "/WEB - INF/tags" %> 
taglib uri="UtilityFunctions" prefix="util" %> 


v^.0 sctW 110 工 


What about the above taglib directives would cause the JSP to not function? 

-Option A : a*t*tv-'ibu*tcs 

LJ A. Line 4 is wrong because the prefix attribute must come before the be m ovdcv- 

Uri attribute . B ： v/he, usm 5 Ta 5 P.les, 

口 B. Line 3 is wrong because there is no uri attribute. is used 'ms*tcad o( uvi- 

G. Line 4 is wrong because the uri value must begin with http : // 1 a how 

n TLD is ide^i-Pied by the 

LJ D. Line 3 is wrong because the prefix j sp is reserved for standard actions. 

-Option P ： jsp pvc-f i% is vesevved 
(or sid^ddvdi a^tiems. 
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Given that resp is a reference to a valid HttpServletResponse object that 

contains, among others, the following headers: 

Content-Type : text/html 
MyHeader : mydata 

And the following invocations: 

25 . resp. addHeader ("MyHeader" , "mydata2 ’▼); 

26 . resp.setHeader("MyHeader", "mydata3"); 

27 . resp.addHeader("MyHeader” ， "mydata"); 

What data will exist for the MyHeader header? 

Q A. mydata 
口 B. mydata3 

nf ^ l 。 h -Option C ： sctttcadcv-0 v-cfladcs data 

W C. mydataS,mydata addHcad ^ 0 adds data data- 

Q D. mydata3, mydata2 

口 E. mydata,mydata2 ,mydata3 

Q F. mydata, mydata2 , mydata3, mydata 



Given the following portion of a web.xml from a legacy application: 

<jsp-config> 




<taglib> 

<taglib-uri>prettyTables</taglib-uri> 

<taglib-location>/WEB-INF/tlds/prettyTables.tld</taglib-location> 
</taglib> 

</jsp-config> 


Assuming the server running your code now supports Java 1.4 EE or greater, what could you 
do to remove the above < j sp-config> tag and still have your code work? 

Q A. Change the taglib directive’s uri attribute in your JSPs to use 
and the container will automatically map it. 


*»» 


-Option A ： ^ v\oi a 

Vildtavd -fov ta^libs. 




B. Place <uri>prettyTables</uri> in your TLD file. 


□ G. 


□ D. 


Remove the taglib directives that used this mapping in your 
JSPs. The container will handle it automatically. 


This is impossible. The < j sp - config> entry here must be 
present for the container to map the TLD to the uri referenced 
in your JSPs. 

P ： It's »mfoss*»blc. See w 


-Option B ： CoYYtth IVc C^Y\ see 

-tha-t ihc TLD is IVEB-INF, 

so 七 he doir»taihC\r will -Pmd it If ihc 
TLD 亡 oirrta’ms a <uvi> 七 he 

匕 orrta’mev will implidiily maf 七 ha 七 
value -to pvopc\r TLD \ocahov\. 

b e passed r ， bl es Wl 



ovcm as 


■tcr^pla-tc -tex-t. 
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For a page that lists shopping cart items, the message “Your shopping cart is 
empty.” must display when the cart is empty. Which of the following code 
snippets could satisfy this functionality assuming the scoped attribute cart is a List 


JSTU l 父出 。灼 s 
弓 3 一 * a 灼 d U ， 

^ 竹1 -伙 


of products? (Choose all that apply) 

13 A. <c : if test:'${empty cart}'> 

Your shopping cart is empty. 
</c : if> 


-外七 IOhS A ， C ， D all valid. A 

IS the simplest ahd p\rc-Pc\r\rcd solutioh. 


<c : forEach var="itemlnCart" items="${cart}"> 
<shop : displayItem item= M ${itemlnCart} "/ > 
</c : forEach> 


□ B. 


^ G 


^ D. 


<c : forEach var= n itemlnCart” items="${cart} n > 
<c : choose> 


<c : when test='${empty itemlnCart} ， > 
Your shopping cart is empty. 

</c:when> 

<c : otherwise 〉 


d' i-f 匕 art is empty or m\\, 
y/ill ncvcv »*b 

body. You y/ill r\cvcv see i\\t message 
七 lie tart is 


<shop : display Item item= n $ {itemlnCart} ’▼/> 
</c : otherwise 〉 

</c : choose> 

</c : forEach> 


<c : choose> 

<c : when test='${empty cart} ， > 

Your shopping cart is empty. 

</c:when> 

<c : when test:▼${not empty cart}'> 

<c:forEach var="itemlnCart" items= n ${cart}"> 
<shop : displayItem item="${itemlnCart}"/> 
</c : forEach> 

</c:when> 

</c : choose> 


<c : choose> 

<c : when test='${empty cart} ， > 

Your shopping cart is empty. 

</c:when> 

<c : otherwise 〉 

<c:forEach var="itemlnCart” items= n ${cart}’’> 
<shop : display Item item="$ {itemlnCart} ’’/> 
</c : forEach> 

</c : otherwise 〉 

</c : choose> 
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Given the following code from a servlet, and given that myVar is a reference to either an 

HttpSession or a ServletContext: 




15 . myVar. setAttribute ("myName" , "myVal"); 

16 . String s = (String) myVar. getAttribute ("myName"); 

17 . // more code 


After line 16 executes, which are true? (Choose all that apply.) 

I^i A. The value of s cannot be guaranteed. 

Q B. If myVar is an HttpSession, compilation will fail. 

Q C. If myVar is a ServletContext, compilation will fail. 

Q D. If myVar is an HttpSession, s is guaranteed to have the value "myVal". 

□ E. If myVar is a ServletContext, s is guaranteed to have the value "myVal". 


:㈣: 

(I … a 州 T op Ch ih 9 a 冰 。 hd 
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Given a portion of Java EE web application’s deployment descriptor: 


Scvv ： aw ^ 


62. 

63. 

64. 

65. 

66 . 

67. 

68 . 

69. 


<error-page> 

<exception-type>IOException</exception-type> 
<location>/mainError.j sp</location> 
</error-page> 

<error-page> 

<error - code>404</error-code> 
<location>/notFound.jsp</location> 
</error-page> 


What is true? 


A. The deployment descriptor is not valid. 


-Option A : ^ W, a ^ully 

c^ualiJpicd (suA as java.io.|06%dcpt»o^), 七 be used. 


Q B. If the application throws an IOException, nothing will be served. 

Q C. If the application throws an IOException, notFound.jsp will be served. 

□ D. If the application throws an IOException, mainError.jsp will be served. 
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Given the following JSP: 

1. <% ! String GREETING = "Welcome to my page"; %> 

2. <% request.setAttribute("greeting", GREETING); %> 

3. Greeting : ${greeting} 

4 . Again : <%= request. getAttribute ("greeting") %> 


a 灼 d 


An attempt is made to convert the above JSP to a JSP Document: 

01. <jsp:declaration 〉 

02 . String TITLE = "Welcome to my page"; 

03. </jsp:declaration 〉 

04. <jsp : scriptlet> 

05 . request.setAttribute("greeting", GREETING); 

06. </j sp:scriptlet> 

07. Greeting : ${greeting} 

08. Again : <jsp:expression> 

09 . request.getAttribute("greeting"); 

10.</jsp : expression> 


What is wrong with the new JSP Document? (Choose all that apply.) 

□ A. No < j sp : root> was declared. —Option A : <jsp ： voo*t> is y\o*t d v-c^u'ivcd 

B. The template text should be wrapped in a <jsp : text> tag. -0yhov\ B : Othcv-y/isc, "this 

!—j is hoi valid )(ML! 

LJ G. EL expressions are not allowed in JSP Documents. 




D. The < jsp:expression 〉 contents should not have a semicolon. 七 i 0h p: 0 o p s / 片 


56 


Which of the following is LEAST likely to make or receive network calls? 

|-| A TATTAT 一 4 you see a paUcv-L ov 

U A. JNDI server 如七， s ⑽七 m 七 Wes you W vule ’rt ou 七 

0T B. transfer object as tovvcd*t ar\sy/cv-| 


Q C. service locator 
Q D. front controller 
Q E. intercepting filter 


-Option B ： objects a\rc typically scht 

hcWk c,a\\s, but they seldom initiate 


o\r v-espohd "to hctwoirk d^lls 
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Given: 

10. ${questionNumber} : ${question} 

11. <c : forEach var="answer" items="${answers}"> 




16. </c:forEach> 

-Options A a^d 0 cstapc)<r«l is tvuc 

The question attribute is a String that may contain XML tags that must be ^ ^ /a so bo*tV> A a^d C av*c 

displayed in the browser as regular text. With the above snippet, the browser ^ 乙七 <:ou 七 

is not displaying the XML tags. What can be changed to fix this? (Choose ; ^ (< > f, \ 

^ hat apply ) ”） m*to sfctial Code so youv bvoy/sev 

B A. Replace $ {question} with <c:out value= " $ {question } " /> y/ill display fv-opcvly v-a*tV^cv- 

A A , i\\av\ mistake tiicm (or VrW. 

Replace $ {question} with <c : out>$ {question}</c : out> 


□ B. 

^ G. 

□ D. 


Replace $ {question} with <c : out escapeXml= " true 

Replace $ {question} with <%= $ {question} %> 

一 Option P: sovvy, but one s v\oi dose. 

You fu*t 6L msidc a Sd\rip*tlct 


value="$ {question} ’▼/> 

-Optioh B ： the value attribute is 
-Po\r <^ ： out>. Evch thou# 
<^ ou*t> have s body, -the body 
^\aus -the default attv-ibutc ; Joi 

"the value atbribute. 



Your Java EE web application is gaining in popularity and you decide to add a 
second server to support the volume of client requests. Which are true about the 
migration of a session from one server to the other? (Choose all that apply.) 


wf 2 _幻 一 2 >今 



Such migrations are not possible within a session. 

When a session is migrated, its HttpSession goes with it. 

When a session is migrated, its ServletContext goes with it. 

When a session is migrated, its HttpServletRequest goes with it. 

If an object is added using HttpSession. setAttribute, the object 
must be Serializable in order to be migrated from one server to the 
other. 


B ： ho w , y 


□ 


If an object is added using HttpSession. setAttribute, and the 
object’s class has implemented Serializable. readObject and 
Serializable. writeObject, and the session is migrated, the 
container will invoke these readObject and writeObject methods. 


F- tails 
3v*c^*t ^u3v*3n*bccd| 


□ G. 


If a session attribute implements HttpSessionActivationListener, 

the container’s only requirement is to notify listeners once the session has 
been activated on the new server. 


-OptlOh the ^Oh-bihCV 
州 ust also scv\d a 
passiv^tioh ho*ti 匕 e. 
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A Java EE deployment descriptor declares several filters whose URLs match a 
given request, and also declares several filters whose <servlet-name> tags 
match the same request. 


WHIG 


What statements are true about the rules that the container uses to invoke the 
filter(s) for that request? (Choose all that apply.) 


□ 

A. 

□ 

B. 

□ 

G. 

□ 

D. 

□ 

E. 

^ F. 


Of the URL matched filters, only the first will be invoked. 

Of the <servlet-name> matched filters, only the first will be invoked. 

The <servlet-name> matched filters will be invoked before the URL 
matched filters. 

All of the URL matched filters will be invoked, but the order of 
invocation is undefined. 

All of the URL matched filters will be invoked, in the order in which they 
appear in the DD. 


七 he 匕 will 
mvokc all URL 

-f'lltcv-s, m W 
dc£.lava*tior\ ovdcv, 
<SCV , vlc*t—^3 w 'C> m 
-fil*tcvs y/ill be invoked, also 
m PP dcdlavcd ovdev-. 



When comparing servlet initialization parameters to context initialization parameters, scW ^ 

which are true for both? (Choose all that apply.) Vvf lO 」 ⑽ 

A. In their respective DD tags, they both have a <param-name> and a 

<param-value> tag. or 

口 B. Their respective DD tags are both placed directly under the <web-app> 

a" G. Their respective methods used to retrieve initialization parameter values are <>wcb-apf> 心 5 

both called getlnitParameter. , 

-Option P ： only pav-ams be 

be directly accessed from aJSP. attessed JSPs 

口 E. Only changes to context initialization parameters in the DD can be accessed 

without redeploying the web application. m ^ci^cv tasc avc C\\a^ts 

bo -tKc W A^a^\Cd\\) atdcssiblc. 

J2P 

AJSP developer wants to include the contents of the file copyright. jsp 七 | ]0^ 


□ D. Both 


can 


A is because 


into all primary JSP pages. 

r hich mechanisms can do this? (Choose all that apply.) 

^ - - ^ 

A. <jsp : directive. include file="copyright. jsp" /> P Po^ui^ch-ts. 

^ B. <%@ include file= n copyright • j sp n %> ^ 0 ^ Oh ^ ]S bc^usc this syntax 

Q G. <%@ page include="copyright.jsp" %> 

/ -Option C is mdovvett because you darmot use the 

CB D. <jsp: include page=" copyright .jsp" /> \^ori 

□ E. <D SP • ^2 d 

s*tar\da\rdl aroo 於 docs v\ot wst. v-uh-ti^c. 
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You are developing an application to manage customer accounts for a company that offers 
phone, cable, and Internet services. Many of the pages contain a search functionality. The 
search box should look the same on every page but some of the pages should limit the 

search to only phone, cable, or Internet accounts. - ^ ^ 

t^ooAo^ 

<form action="/search.go"> 


Given a separate JSP named Search.jsp: 


2. 

Find ${param.accountType} Account : 

2. 

<input 

type: 

"text" 

name="searchText"/> 

3. 

〈input 

type: 

"hidden 

"name="accountType 

3. 

〈input 

type: 

"submit 

"value="Search n 

4. 

</form> 





What tag should you use in a JSP that needs to search for cable accounts? — Optioh <jsp:ihdude> 

Search, jsp" accountType="Cable"/> a e ai-bribuic 

value="Cable"/> -饮炉办巧 

v/ill -(*mdi ouv* Cable 
passed W\{\\ <jsp ： pava^> 


□ 

/ 

A. 

<j sp : include 

page: 

="Search.jsp" 

a 

B. 

<jsp:include 

page: 

="Search.jsp" 



<jsp:param 

name: 

="accountType 



</jsp:include 〉 


□ 

G. 

<j sp : include 

file= r 

'Search.jsp " 、 

□ 

D. 

<j sp : include 

file=’ 

'Search.jsp"> 


<j sp : attribute name="accountType" value="Cable "/ > 
</jsp:include> 


-Optiohs C ahd D ： <jsp ： ihdludc> 
the page a-t-tv-ibutc. Tk 
•Pile attribute is used ih 
ihdlude di\rcdtivcs 


While testing how various tags and scriptlets work, a developer creates the 
following JSP: 

1. <% request.setAttribute("name", "World"); %> 

2. <!-- Test --> 

3. <c : out value='Hello, ${name}'/> 

Much to the developer’s surprise, the browser doesn’t display anything at all when 
her JSP is retrieved. If the developer views the HTML source of the page, what 




will she find in the output? 

□ 

A. 

<!-- Test --> 

□ 

B. 

<!—— Test --> 



<c : out value='Hello f 

G. 

<!-- Test --> 



<c : out value='Hello, 

□ 

D. 

No output 


七： d 。: EL gets evaluated but 

the JSP will hot \rcdoghi24! -the <c ： o^i> iaa a^d 
threat it as template text because -the -balib was 
⑽七 decked ih the JSP. 
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A dating services application asks its single users a series of questions. A session scoped 
attribute called compatibility Profile of type HashMap already exists, into which each 
submitted question ID and answer pair are stored. 

Given: 

22 . <% ((java. util. HashMap) request. getSession () . getAttribute ( 

compatibilityProfile") ) . put ( 

23 . request. getParameter ("questionldSubmitted"), 

24 . request. getParameter ( n answer Submit ted")); 

25. %> 


XTU vl.l ^ 


How can this be replaced without using scriptlets? (Choose all that apply) 

□ A. <c : map target=" $ {compatibilityProfile} " -Option A : <6 .你 ap> a veal 

key="${param.questionldSubmitted}" 
value="${param.answerSubmitted} ’ ▼/> 


□ B. 

□ G. 
^ D. 


<jsp:useBean id="compatibilityProfile" class="java.util.HashMap" 


scope="session"> -Optioh B ： <js P ： uscBcah> ohl 

<jsp:setProperty name="compatibilityProfile" wov-ks with \>ca^s, ho t maps/ 

property="$ {param. questionldSubmitted}" 
value="${param.answerSubmitted}"/> 


</jsp : useBean> 

$ {compatibilityProfile [param. questionldSubmitted] 
param.answerSubmitted} 


-Option 0 tL alohC 乙 armo 七 
sci a value -to object 


<c : set 


target:"${compatibilityProfile}" 
property="$ {param. questionldSubmitted} 
value="${param.answerSubmitted} "/ > 


-Option P ： <^ ： sc*t> be used 
*to pu 七 values m d wvdf- 
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A programmer is creating a filter for a Java EE web application. Given the following code: 

7. public class MyFilter implements Filter { 

8 . public void init (FilterConfig config) throws FilterException 
9. 



10 . 

11 . 

12 . 

13. 

14. 


public void doFilter(HttpServletRequest request, 

HttpServletResponse response, 
FilterChain chain) 

throws IOException , ServletException { } 


15. } 


What change(s) are necessary to create a valid filter? (Choose all that apply.) 


□ A. 
^ B. 
^ G. 
^ D. 

E 

□ F. 


No changes are necessary. 


A destroy () method must be added. 

The doFilter () method’s body must be changed. 
The init () method’s signature must be changed. 


一 C : 』 else, doF»l*tcv-0 
州 us 七 mvokc ^a'm doF'tl-tcv-O. 

-Option D ： rnitO thv-ows a Scv-vIctEx^cpti 


oh. 


The doFilter () method’s arguments must be changed. -Optioh E ： dop.l-tcirO -takes 

The doFilter () method’s exceptions must be changed. Sc\rvlc-t/^cspohsc. 
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Your company wants to include a splash page, SplashAd. j sp, to advertise other company 
offerings to users as they first enter the site. On this new page users will be given the option to 
click a checkbox on the ad page that says“Do not show me this offer again” and click a submit 
button that says “Continue to My Account”. If the user submits this form with the checkbox 
checked, the receiving Servlet sets a Cookie with the name of “skipSplashAcTto the user’s 
browser and then passes control back to the main JSP. 


JSP vZ.0 

sc^tioh 弓.弓 

^ 午外午 10 


The main JSP will be responsible for forwarding the request to the splash page What snippet 
can be added to the top of the main page to send the user to the splash page if they have not yet 


selected the checkbox to avoid the ad offer? 

<jsp : forward page="SplashAd.jsp n /> 

Cookie Kas Y\ot set. Ot av/av-c . 

disabled v/ill ncvcv bo skip ad ^ t^is solution 

<jsp: forward page= "SplashAd. j sp" flush= n $ {empty cookie. skipSplashAd} "/> 

-Optioh The -flush 
attv-ibutc will hot help hcv-c. 


□ 

□ 

□ 

□ 


A. <c : if test="${empty cookie.skipSplashAd and pageContext.session.new}"> 


B. 

C. 

D. 

E. 


<jsp: redirect page=»SplashAd. jsp"/>^ pWs c p : IS 

< j sp: redirect file=" SplashAd. jsp"/> 朽 o <jsp ： vcdiv-ct*t> 七 a 汐 


<% if (cookie, get ("skipSplashAd") == null && session. isNew () ) { %> 
<jsp : forward page= n SplashAd.jsp n /> 

<% } %> 

a 於 


TVic mvalid: Coo\c\t is 

okjct*t m EL but Y\oi m s … ftlets. 
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A programmer wants to implement a ServletContextListener. Given the following DD 

67 fragment: . 

<!-- insert tagl here --> ^\p|, 

Wf ni-n^ 


101 . 

102 . 

103. 


104. 

105. 

106. 

107. 

108. 

109. 


<param-name>myParam</param-name> 
<param-value>myValue</param-value> 
<!—— close tagl here --> 

<listener> 

<!-- insert tag2 here --> 

com.wickedlysmart.MySCListener 
<!-- close tag2 here --> 


</listener> 

And this listener class pseudo-code: 

5. // packages and imports here 

6. public class MySCListener implements ServletContextListener { 

7. // method 1 here 

8. // shutdown related method here 

9. } 

Which are true? (Choose all that apply.) 

Q A. The DD fragment cannot be valid 
B. tagl should be <context-param> 

Q G. tagl should be <servlet-param> 

^ D. tag2 should be <listener-class> 

口 E. tag2 should be <servlet-context-class> 

□ F. method 1 should be initializeListener 


Sometimes you jus*t iiavc -to 
memovizjC some sxu-Wr. 


A 


G. method 1 should be contextlnitialized 
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The wickedlysmart website has a validly deployed Java EE web application and 
Deployment descriptor that contains the following: 

<welcome-file-list> 


〈welcome _file>wel come • h tml</welcome-file> 
<we 1 come -file>howdy. html</welcome-file> 
〈 welcome-file>index • html</welcome-file> 
</welcome-file-list> 

A portion of the web app’s directory structure looks like this: 

MyWebApp 


I -- index.html 

I 

I-- welcome 

I I -- welcome.html 

I 

I-- foobar 

I 丨 —— howdy.html 

If the application receives the following two requests: 


http :// www.wickedlysmart.com/MyWebApp / foobar 


http : //www.wickedlysmart.com/MyWebApp 


Which set of responses will be served? 


□ A. 

□ B. 

□ G. 

〆 D. 

□ E. 

□ F. 

□ G. 


howdy. html then a 404 
index. html then a 404 
welcome.html then a 404 
howdy. html then index. html 
index. html then index. html 
howdy. html then welcome . html 
welcome. html then index • html 


-Optioh P ： i-f pp do«h’t dohtaii 

a 你外 pi，it will scav-dh the 

di 以 U y sPcdi^icd -the 

^ M ^ile it the 

wcldor^c list that ma-Uhcs a -file ih i\ 
'requested div-c^-tov-y. 


Serv % ^ ^ 
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Your web application has a valid dd with a single <security-constraint> tag. 

Within this tag exists: 

- a single http method that declares GET 

All of the resources in your application exist within directory 1 and 

directory2 and the only defined roles are BEGINNER and EXPERT. 

If you want to restrict BEGINNERS from using resources in directory2, which 

are true about the url and role tag(s) you should declare? (Choose all that apply.) 

Q A. A single url tag should declare directory 1 and a single role tag should 
declare EXPERT. 

Q B. A single url tag should declare directory2 and a single role tag should 
declare EXPERT. 

Q C. A single url tag should declare directory 1 and a single role tag should 
declare BEGINNER. 


D. A single url tag should declare directory2 and a single role tag should 


declare BEGINNER. 




□ E. 

□ F. 


One url tag should declare ANY and its role tag should declare EXPERT, 
and another url tag should declare directory2 and its role tag should 
declare BEGINNER. 


Rcmcrwbcv- m PP 

youVc dlv/dys dctlav'm^ 
tor\s*tva*m*U. 


One url tag should declare both directories, and its role tag should declare 
EXPERT, and another url tag should declare directory 1 and its role tag 
should declare BEGINNER. 
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standard actions 358 
tag handlers 537 
TLD/JSP 517 
Code Magnets 

configuring DD init params 161 
EL 380 

JSP elements 325 
Making a JSP 300 
servlet/DD intro 60 
sessions 246 

Deployment exercise 634 
EL and scripting evaluation 324 
Request/Response intro 29 
Who’s responsible? 59 
expression 

JSP 288-289 


F 

Filter 

interface methods 708 
lifecycle 708 
filter 

BeerRequestFilter example 707 
mapping 710 
using with dispatcher 711 
Filter Chain 708 
findAncestorWithClassO 574 
findAttributeO (pageContext) 313 
Five Minute Mystery, Case of the Missing Content 383 
form, parameters 120—121. See also parameters 
FORM-based security 677, 679 
j_password 679 
j_security_check 679 
j_username 679 
form bean 772 
forwardO 206 

forward (standard action) 414 
Front Controller 769 
functions (in EL) 392—394 


G 

ge (EL operator) 396 
GeekDates 50 
GenericServlet, API 98 
GET 12-15 

and idempotency 116 
vs. POST (differences) 110 
get Attribute 0 186 

using pageContext 313 
getCookiesO 251 
getCreationTime Q 243 
getHeader() 123 
getlnitParameterO 150, 163 
getlntHeaderO 123 
getfspBodyO 514 
getLastAccessedTimeO 243 
getLocalPortO 123 
getMaxInactivelntervalO 243 
getOutputStreamO 132 
getParameterO 121 
getParameterValuesO 121 
getParentO 568 
getRemotePortO 123 
getRemoteUserO 674 
getRequestDispatcherO 206 
getServerPortO 123 
getServletConfigO 150, 163 
getS ervle t C ontextO 157, 163 
getSessionO 233 
getWriter() 132 
gt (EL operator) 396 

H 

header (EL implicit object) 387 
headers 123 

adding/setting 133 
vs. cookies 253 
HTML 6-8 

formatting 442—445 
Java helper method 442 
rendering 384 

special characters 384, 442—444 
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HTTP 6, 10 

GET 12-15. See also GET 
Methods 108—110 

difference between GET and POST 110 
POST l^.See also POST 
request (introduction) 12—13 
response (introduction) 10—11 
http-method 665 
HttpServlet, API 98 
HttpServletRequest 106, 122, 189 
bullet points 125 
HttpServletResponse 106, 126 
bullet points 140 

HttpServletResponseWrapper 720 
HttpSession 227 
API 243 

HttpSessionActivationListener 182, 260, 263 
HttpSessionAttributeListener 182, 262 
HttpSessionBindingEvent 182 
HttpSessionBindingListener 182, 256, 263 
HttpSessionEvent 182 
HttpSessionListener 182, 261 



id attribute (<select>) 550 
idempotent 112—114 
implicit objects 

EL 369, 385. See also EL, implicit objects 
JSP 298 
import 

<c:import> tag 460 
page directive attribute 287 
include0 206 
include directive 314,403 
review 418 

vs. <c:import> tag 460 
vs. <jspinclude> 404 
initO 

Filter interface 708 
servlet method (first look) 99 
init parameters 150-151, 158 
Initialization 

context init parameters 157 
using EL 390 


JSP 310 

context init parameters (using EL) 390 
jspInitO 310 
servlet init params 310 
servlet 103 

servlet init parameters 150—151 
web app/servlet context 159 
instance variables 

SingleThreadModel 201 
INTEGRAL 684 
integrity 653, 684 
invalidate0 243, 245 
invoke0 JSP body) 514 
isELIgnored 315 
isErrorPage 315, 468 
isNewO 234 
isThreadSafe 315 
isUserlnRoleO 674 
items (<c:forEach> attribute) 449 
iterating, a simple tag body 520 
IterationTag 530, 537 



j_password 679 
j_security_check 679 
j_username 679 
J2EE 65 
J2SE 1.4 xxvi 

JavaBean, standard actions. See standard actions 
Java EE 1.5 exam xxviii—xxix 
JNDI 747 
JSESSIONID 232 

URL rewriting 237—239 

JSP 

a first look 87 
becomes a servlet... 283 
comments 304 

Container-generated servlet 293, 297 
declarations 295 
directive 287 
error handling 468—471 
<c:catch> 472—474 
expressions 288—289 
initialization 310 
jspInitO 310 
servlet init params 310 
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jspInitO 310 
lifecycle 306 
page directive 287 
scrip tie t 288 

translation and compilation 308 
JSP 2.0 xxvi 

Jsp Context 312. See also Page Context 
JSP Document 629 

JSP Expression Language 369, 384. See also EL 

JSP expression tag, null user 445 

JspFragment 522 

jspInitO 310 

_jspService 297 

JspTag 530 

JSTL 475 

JSTL 1.1 xxvi 

JSTL tags 

<c:catch> 472 
<c:choose> 454 
<c:forEach> 447 
items attribute 449 
var attribute 449 
<c:if> 451 

test attribute 451 
<c:import> 460 
<c:otherwise〉454 
<c:param> 463 
<c:remove> 458 
<c:set> 455 
gotchas 457 
<c:url> 465 
<c:when> 454 

test attribute 454 



lang attribute (<select>) 550 
le (EL operator) 396 
lifecycle 

Classic tag handlers 533 
JSP 306 

methods (servlet) 98 
doGetO 99 
doPostO 99 
initO 99 
serviceO 99 
session 255 


listeners 

callback methods. See methods, listener callbacks 
examples 261 

HttpSessionActivationListener 182, 260, 263 
HttpSessionAttributeListener 182, 262 
HttpSessionBindingListener 182, 256, 263 
HttpSessionListener 182, 261 
listener events 

Http SessionBindingE vent 182 
HttpSessionEvent 182 
ServletContextAttribute Event 182 
ServletContextEvent 182 
ServletRequestAttributeEvent 182 
ServletRequestEvent 182 
ServletContextAttributeListener 182 
ServletContextListener 166, 182 
ServletRequestAttributeListener 182 
ServletRequestListener 182 
session 255 

table of session-related listeners 264 
The eight listeners 182 
It (EL operator) 396 

M 

mapping 

filters in the DD 710 
servlets (a first look) 46—47 
servlets in the DD 616 
Matchmaking Site 50 
META-INF 613 
methods 

listener callbacks 

attributeAdded 182 
attributeRemoved 182 
attributeReplaced 182 
contextDestroyed 182 
contextlnitialized 182 
requestDestroyed 182 
requestlnitialized 182 
sessionCreated 182 
sessionDestroyed 182 
sessionDidActivate 182 
Session WillPassivate 182 
valueBound 182 
valueUnbound 182 
servlet lifecycle API 98 
migration (session) 257 
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MIME 17 

<mime-mapping> in the DD 633 
content type 130 

Mock Exam, request and response 141 
Mock Exam Questions 

QJO confidential data 796, 832 
QJ5 outer tag handler 799, 835 
API 

QJ7 session reference 800, 836 
QJ8 req reference to HttpServletRequest 800, 836 
Q20 session reference 801, 838 
Q28 HttpServletRequest 806, 842 
Q33 servlet lifecycle 808, 844 
Q39 HttpServletRequest 811, 847 
Q42 event types 813, 849 
Q45 doGetO method 814, 850 
Q47 HttpServletResponse, streaming output 
data 814, 850 

Q65 creating filter for Java EE web 
application 824, 860 
Q67 ServletContextListener 825, 861 
CoreJ2EE 

Q05 business delegate object and service locator 
object 795, 831 

Q32 Java EE patterns 808, 844 
Q35 MVG in Java EE n-tier application 809, 845 
Q56 network calls 819, 855 
HTTP 1.1 

Q09 Http Servlet 796, 832 
Q22 HTTP GET versus HTTP POST 803, 839 
JSP 8, Q01 file location 792, 828 
JSP v2.0 

Q02 EL 792, 828 

Q03 tag definitions 793, 829 

Q04 replacing Servlet code 794, 830 

Q07 testing browser windows 795, 831 

Q08 ServletContext 796, 832 

QJ2 JSP Document 798, 834 

QJ3 HTML output of JSP page 798, 834 

QJ6 HTTP 500 status code 800, 836 

QJ9 Classic tag handler 801, 837 

Q24 scriptlets and strings 804, 840 

Q25 removing scriptlet code 804, 840 

Q26 〈〔 otherwise 〉 805, 841 

Q27 business listing directory 806, 842 

Q31 custom tags 808, 844 

Q36 JSP page, importing data types 810, 846 


Q41 removing JSP scriptlets 812, 848 
Q44 translating JSP 813, 849 
Q49 taglib directives 815, 851 
Q51 <jsp-config> 816, 852 
Q55 converting JSP to JSP Document 819, 855 
Q61 including file contents 821, 857 
Q62 search functionality 822, 858 
Q63 testing tags and scriptlets 822, 858 
Q66 splash page 824, 860 
JSTLvl.l 

Q52 shopping cart items 817, 853 
Q57 XML tags, displaying 820, 856 
Q64 session scoped attribute 823, 859 
Servlet 

Q06 session listeners 795, 831 
Q07 testing browser windows 795, 831 
QJlJavaEEDD 797, 833 
QJ4 HTTP session support 798, 834 
Q21 WAR file 802, 838 
Q23 DD fragment 803, 839 
Q29 Java EE web application browser request 
807, 843 

Q30 deployment descriptor 807, 843 
Q33 servlet lifecycle 808, 844 
Q34Java EE .war file’s directory structure 809, 845 
Q3 7 Java EE web application security features 
810, 846 

Q38Java EE application directory structure 811, 847 
Q40 Tag File 812, 848 
Q43 servlet lifecycle 813, 849 
Q46 updating live, running servlet’s initialization 
parameters 814, 850 
Q48 〈 security-constraint 〉 815, 851 
Q50 resp reference to HttpServletResponse 816, 852 
Q53 myVar reference 818, 854 
Q54 deployment descriptor 818, 854 
Q58 session migration 820, 856 
Q59 invoking filters for request 821, 857 
Q60 comparing servlet initialization parameters 
to context initialization parameters 821, 857 
Q67 ServletContextListener 825, 861 
Q68 responses to requests 826, 862 
Q69 〈 security-constraint 〉 827, 863 
TagSupportAPI, QJ9 Classic tag handler 801, 837 
mod 396 

Model, a first look 54 
multiple attribute (<select〉) 550 
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MVG 

a first look 53 
more serious look 763 

N 

name attribute (<select〉) 550 
ne (EL operator) 396 
NONE 684 
null (in EL) 399 
null values 445 

0 

Objectives (official exam) 

Building a Custom Tag Library 500 
Building JSP pages using tag libraries 440 
Building JSP pages using the Expression Language 
(EL) and Standard Actions 344 
Filters 702 

High-level Web App Achitecture 38 
J2EE Patterns 738 
JSP Technology Model 282 
Servlets &JSP overview 2 
Session Management 224 
The Servlet Technology Model 94 
The Web Container Model 148 
Web Application Deployment 68, 602 
Web Application Security 650 
onblur attribute (<select>) 550 
onchange attribute (<select>) 550 
onclick attribute ( 〈 select〉) 550 
ondblclick attribute (<select>) 550 
onfocus attribute ( 〈 select〉) 550 
onkeydown attribute (<select〉) 550 
onkeypress attribute (<select>) 550 
onkeyup attribute ( 〈 select〉）550 
onmousemove attribute ( 〈 select〉) 550 
onmouseout attribute ( 〈 select〉) 550 
onmouseover attribute (<select>) 550 
onmouseup attribute (<select>) 550 
operators (EL) 396 
out implicit object 298 


P 

PAGE_SCOPE 312 
Page Context, API 312 
page Context 311 

get/set attributes 313 
page directive 287 
attributes 315 

contentType 315 
errorPage 315 
import 315 
isErrorPage 315 
isThreadSafe 315 
page scope 311 
param, EL implicit object 386 
param attribute 360 
parameters 

context parameters 157 
form parameters (a first look) 119—120 
init parameters 150—151 
in a JSP 310 

param Values, EL implicit object 386 
Parent 568 
POST 16 

and forms 117 
not idempotent 116 
parameters 119 
vs. GET (differences) 110 
prefix (taglib directive attribute) 393 
PrintWriter 132 

R 

redirect 134—136 
relative URL 136 

Request. See also HttpServletRequest, ServletRequest 
and threads 101 
API 106, 122 
attributes 187 

thread-safety 204 
getSessionO 233 
introduction 12—13 
RequestDispatcher 206—207 
scope 186—187 
wrappers 719 
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REQUEST_SCOPE 312 
requestDestroyed 182 
request dispatch 138 
RequestDispatcher 206—207 
forwardO 206 
include0 206 
requestlnitialized 182 
requests 

queuing 201—202 
sending through pool 201—202 
requestScope, EL implicit object 388 
Response 126. See also HttpServletResponse; 

ServletResponse 
API 106 

introduction 10—11 
wrappers 719 
response filter 711 
rewriting (URL) 237—239 
encodeURLO 238 
RMI 748 
role-name 664 
rtexprvalue 477, 480 



scope 

application/ context 186 
EL implicit objects 389 
page 311 
request 186 
session 186 

scriptless (<body-content> 482 
scrip tie t 288 

SCWCD exam xxviii—xxix 
security 653 

〈 security-constraint〉670 
<tomcat-users> file 663 
<web-resource-collection> 666 
constraints 665 
data confidentiality 684 
data integrity 684 
how auth-constraint works 669 
the Big 4 653 
security-constraint 670 
security-role 664 
security risks and EL 444 
security roles 664 


SelectTagHandler 551 
sendRedirectO 136. See also redirect 
Serialization, in session migration 260 
serviceO 

servlet method (first look) 99 
synchronizing (bad idea) 195 
Service Locator 754 
Servlet 

class (API) 98 
servlet 97 

a first look at code 30 
initialization 103 

init parameters 150-151, 158. See also parameters 
lifecycle 97 

mapping (a first look) 46—47 
mapping (the details) 616 
redirect. 134—136 
tutorial: simple beer controller 80 
Servlet 2.4 xxvi 
ServletConfig 104, 151， 159 
ServletContext 104, 159, 162—163, 189 
ServletContextAttributeEvent 182 
ServletContextAttributeListener 182 
ServletContextEvent 168, 182 
ServletContextListener 166, 182 
ServletOutputStream 132 
ServletRequest 106, 122, 189 
ServletRequestAttributeEvent 182 
ServletRequestAttributeListener 182 
ServletRequestEvent 182 
ServletRequestListener 182 
ServletResponse 106, 126 
servlets 

one request at a time 201 
specification 203 
session 

attributes 187 

thread safety issues 197 
cookies 232. See also cookies 
creating/getting 23 3-235 
getSessionO 233—234 
intro to sessions 227—229 
invalidation 245 
isNewO 234 
lifecycle 255 
listeners 255 
API 264 

migration 257—259 
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scope 186 
session ID 232 
timeout 245 
SESSION_SCOPE 312 
sessionCreated 182 
sessionDestroyed 182 
sessionDidActivate 182 
session WillPassivate 182 
setAttributeO 186 
setContentTypeO 130 
setDir 552 
setDisabled 553 

setDynamicAttributeO method 557, 560, 561 

setHeaderO 133 

setLang 552 

setMaxAge(int) 251 

setMaxInactivelntervalO 243 

setMultiple 553 

setName 553 

setOnblur 554 

setOnchange 554 

setOnclick 552 

setOndblclick 552 

setOnfocus 554 

setOnkeydown 553 

setOnkeypress 553 

setOnkeyup 553 

setOnmousedown 552 

setOnmousemove 553 

setOnmouseout 553 

setOnmouseover 552 

setOnmouseup 552 

setSize 553 

setStyle 552 

setTabindex 554 

setTitle 552 

SimpleTag 530 

simple tags 513. See also SimpleTagSupport 
API 515 
attribute 521 
bullet points 523 
lifecycle 515 

SimpleTagSupport 513, 530 
API 515 

SingleThreadModel 201—203 
size attribute (<select>) 550 
SKIP_BODY 531, 532 


Skip Page Exception 523 
specifications xxvi 
servlets 203 
standard actions 323 
<jsp:forward> 413 
<jsp : getProperty> 349 
<jsp include > 404 
<jsp:param> 412 
<jsp:setProperty> 351 

param attribute 360-361 
property attribute 362 
<jsp:useBean> 349, 354 
type and class 356 
bean-related 348 
bullet points 418 
STM strategies 201-203 

queuing requests versus sending through pool 202 
Struts 767 

installing 776 
struts-config.xml 774 
style attribute (<select〉）550 
synchronizing 

on the context 197 
serviceO 195 

system requirements for this book xxvi 

T 

tabindex attribute (<select>) 550 
tag. See also Classic tag handlers 

〈 body-content〉. See body-content 

attributes 504 

custom tag handler 477 

Classic tag handler API 530 
simple vs. classic 574 
empty 482 
TLD element 477 
tag attribute setters 552-554 
Tag Files 502 

body-content 508 
dynamic attributes 561 
locations 509 
tag directive 508 
Tag interface 530 
taglib 393 
taglib directive 314 
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tag library 476 

custom. JSTL; JSTL tags 
JSTL. 5^JSTL;JSTL tags 
Tag Library Descriptor 392. See TLD 
TagSupport 530 
TCP port 21 

templates (reusable JSP chunks) 402 

test <c:i€> attribute 451 

threads 

and scope 192 — 196 
for requests (a first look) 101 
timeout (session) 245 
title attribute (<select>) 550 
TLD 392, 477, 483 
for simple tags 513 
locations in web app 486 
Tomcat 

deploy/hot redeploy 153 
deployment environment 73 
generated servlet 297 
starting Tomcat 77 
Tomcat, getting and installing xxvi 
Transfer Object 759 
translation and compilation (JSP) 308 

TJ 

uri (taglib element) 484 
URL 

introduction 20 
relative 136 
rewriting 237—239 
encodeURLO 238 
url-pattern 618 
useBean 349 


V 

valueBound 182 
valueUnbound 182 
var <c:forEach> attribute 449 
View, a first look 54 

¥ 

WAR files 612 
META-INF 613 
WEB-INF 613-614 
web.xml 154. See also DD 
web app 

initialization 159. See also Initialization; Servlet- 
Context 

web containers, one request at a time 201 
welcome files 622 

Container choosing 625 
Wrappers (request and response) 719 

X 

XML-compliantJSP (JSP document) 629 
XML entities 443 
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JavaCr 織 2.4 

Let’s give your right brain 
something to do. 

It’s a standard crossword, but 
almost all of the solution words 
are from chapters 13 and 14. 

If you aren’t a veteran puzzler, 
we’ve provided less "ornery” 
clues at the bottom of the page. 
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Across 

3. Performance pattern 
5. Architecture layer 
7. Don’t invoke me 

9. Trickier filters 

10. HTTP’s stomping ground 

11. One per Struts app. 

12. Socket shielder 

13. Could be moldy (abbr.) 

14. Browser jockey 

15. A Struts callback 

18. Web developer's tool 


19. Smalltalk pattern 
21. Some kind of event 

23. XML hotbed 

24. Could be a browser 

25. Crupi’s bailiwick 

27. JavaScript inspired 

28. Fancy models 

30. Inter-server ether 

31. 1st step towards looseness 

32. Hand off 


Down 

1. Data communicator 

2. Convenient class 

3. JSP super-chargers 

4. Stackable component 
6 . DD brick 

8 . Single minded 
11 . Declarative reducer 
16. The blueprints 


17. State component 

18. The yellow pages 

19. Blind to the GUI 

20. SL’s shortcut 
22. Filter’s fate 

26. Validated home 

29. Controller protect 。 
(abbr.) 


Extra Hints: 
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bonus puzzle solutions 


Answers! 



JavaCr^s 2-4 

Let’s give your right brain 
something to do. 

It’s your standard crossword, 
but almost all of the solution 
words are from chapters 13 
and 14. 
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Across 

3. Performance pattern 
5. Architecture layer 
7. Don’t invoke me 

9. Trickier filters 

10. HTTP’s stomping ground 

11. One per Struts app. 

12. Socket shielder 

13. Could be moldy (abbr.) 

14. Browser jockey 

15. A Struts callback 
18. Web designer's tool 


19. Smalltalk pattern 
21. Some kind of event 

23. XML hotbed 

24. Could be a browser 

25. Crupi’s bailiwick 

27. JavaScript inspired 

28. Fancy models 

30. Inter-server ether 

31. 1 st step towards looseness 

32. Really fancy proxy 


Down 

1. Communicator 

2. Convenient class 

3. JSP super-chargers 

4. Stackable component 
6. DD brick 

8. Single minded 
11. Declarative reducer 

16. The blueprints 

17. State component 

18. The yellow pages 

19. Blind to the GUI 

20. SL’s shortcut 
22. Filter's fate 

26. Validated home 
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THiS isrft goodbye 


Bring your brain over to 


headfirstlabs.com 



Don’t you know there's more on the 
headfirstlabs.com website? And if youre 
going to take the exam be sure to drop by 
javaranch.com and spend some time in the 
SCWCD study forum. Folks there are just so 
damn friendly ifll make you want to throw 


And don’t forget to write and tell us 
when you pass the exam! 


ikickedbutt@headfirstlabs.com 

So we can have a drink in your honor. 
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